File Fix-security-issue-in-Prolog-Epilog-Slurmctld-by-always-prepending-SPANK_.patch of Package slurm.26118

From: Egbert Eich <eich@suse.com>
Date: Thu May 20 07:40:14 2021 +0200
Subject: Fix security issue in {Prolog,Epilog}Slurmctld by always prepending SPANK_.
Patch-mainline: a9e9e2fedbd200ca545ab67dd753bd52c919f236
Git-commit: 586172d02cd55108a752c860cec012ba057b9229
References: bnc#1186024

To all user-set environment variables.

CVE-2021-31215.

Signed-off-by: Egbert Eich <eich@suse.com>
---
 src/slurmctld/job_scheduler.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/slurmctld/job_scheduler.c b/src/slurmctld/job_scheduler.c
index a1a7372..7a6eba7 100644
--- a/src/slurmctld/job_scheduler.c
+++ b/src/slurmctld/job_scheduler.c
@@ -3843,6 +3843,8 @@ static char **_build_env(struct job_record *job_ptr, bool is_epilog)
 	if (job_ptr->spank_job_env_size) {
 		env_array_merge(&my_env,
 				(const char **) job_ptr->spank_job_env);
+		valid_spank_job_env(my_env, job_ptr->spank_job_env_size,
+				    job_ptr->user_id);
 	}

 #ifdef HAVE_BG

Places

File Fix-security-issue-in-Prolog-Epilog-Slurmctld-by-always-prepending-SPANK_.patch of Package slurm.26118

Places