Prevent jobs and daemons from running setuid binaries


With the recent security concerns around "sudo", and new interfaces in the Linux kernel, it is possible for HTCondor to prevent all jobs from running setuid programs. We believe there is no setuid program that jobs should be running, perhaps with the exception of ping.

This ticket will change the condor_master to set the no-new-privileges bit for all its children, which will prevent jobs, daemons, and helper programs that daemons popen from accidentally running setuid programs.

We will knob this with DISABLE_SETUID, which defaults to true.
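On Linux, the no-new-privileges bit is set with `prctl(PR_SET_NO_NEW_PRIVS, ...)`. Once set, `execve` no longer honors setuid/setgid bits or file capabilities, and the flag is inherited by every child. The following is an added example, not HTCondor source and not part of the original ticket; the helper names are hypothetical. It shows the inheritance across `fork` and that the flag cannot be cleared afterwards.

```c
/* Added example: Linux-only sketch, not HTCondor source. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: what a master process would call once, before
 * forking any daemon or job, when DISABLE_SETUID is true. */
int set_no_new_privs(void)
{
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

/* Fork a child and report the flag as the child sees it (1 = set).
 * Returns -1 if fork or wait fails. */
int child_no_new_privs(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1 ? 1 : 0);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* The flag is one-way: the kernel rejects any attempt to clear it.
 * Returns 1 if the attempt failed with EINVAL as expected. */
int clear_is_rejected(void)
{
    errno = 0;
    return prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0) == -1 && errno == EINVAL;
}

int main(void)
{
    if (set_no_new_privs() != 0) {
        perror("prctl(PR_SET_NO_NEW_PRIVS)");
        return EXIT_FAILURE;
    }
    printf("child sees no_new_privs=%d\n", child_no_new_privs());
    printf("clearing rejected=%d\n", clear_is_rejected());
    return EXIT_SUCCESS;
}
```

To confirm the setting on a running process, check the `NoNewPrivs:` line in `/proc/<pid>/status`.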


Todd L Miller
February 25, 2021, 7:01 AM

Code Review

Very simple, straightforward patchset. I approve.

Todd L Miller
February 25, 2021, 7:01 AM

Patched up the documentation in 09e742.

