On 04/18/2013 01:07 PM, Hearns, John wrote:

> As an aside, a normal user can trigger a drop of the caches before the start 
> of a job.
> If you have looked into it,  sudo echo 3 > /proc/sys/vm/drop_caches is well 
> nigh impossible.
> But you can run an suid  C program which does effectively the same job.

You could do that (suid) or ...

landman@metal:~$ cat drop_caches.bash
#!/bin/bash

echo 3 > /proc/sys/vm/drop_caches

landman@metal:~$ ./drop_caches.bash
./drop_caches.bash: line 3: /proc/sys/vm/drop_caches: Permission denied

# darned permissions

landman@metal:~$ sudo echo 3 > /proc/sys/vm/drop_caches
bash: /proc/sys/vm/drop_caches: Permission denied

# ??!?

landman@metal:~$ sudo ./drop_caches.bash
[sudo] password for landman:
landman@metal:~$

#  PROFIT!!!

Not completely impossible to do, just requires some (non suid) 
scripting.  And if you need this to run a backgrounded service not using 
one of the service managers (xinetd, et al), you can put this in a trusty

     nohup Do_not_so_evil_things_and_dont_run_with_scissors.bash > /tmp/non-evil.out 2> /tmp/non-evil.err &

and lo and behold ... it works.

The SUID bit is still able to be compromised, enabling nefarious things 
to occur.  The sudo is SUID, but encapsulating the needs into scripts 
like this (and you can even pass arguments/data back and forth) is 
fairly trivial.

Yes, you can compromise the script to do bad things as well.  But if 
you, as a normal non-root user, accidentally do a

     !rm

and lo and behold, it pulls the rm -rf . from the stack, and you are in 
an important directory ... well ...

And yes, I speak from experience.  Usually caffeine deprived experience.


-- 
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics, Inc.
email: land...@scalableinformatics.com
web  : http://scalableinformatics.com
        http://scalableinformatics.com/siflash
phone: +1 734 786 8423 x121
fax  : +1 866 888 3112
cell : +1 734 612 4615

_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing
To change your subscription (digest mode or unsubscribe) visit 
http://www.beowulf.org/mailman/listinfo/beowulf
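Added example (not Landman's script and not from anyone in the thread): a least-privilege version of the "run the whole script under sudo" approach above. It keeps the property the thread is really relying on, that the redirection is opened by a root shell rather than by the caller's shell, while refusing anything other than the three values the kernel documents for drop_caches. The install path /usr/local/sbin/drop_caches.sh, the sudoers line, and the DROP_CACHES_PATH override (there only so the logic can be exercised against a scratch file without root) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the list poster's script: a restricted drop_caches wrapper.
# Assumed deployment: root-owned, mode 0755, installed as
# /usr/local/sbin/drop_caches.sh, and granted to one account with a sudoers
# rule of the form (hypothetical user and path):
#   landman ALL=(root) NOPASSWD: /usr/local/sbin/drop_caches.sh
# Because sudoers grants only this fixed command, the script itself is the
# whole attack surface, so it validates its single argument strictly.

# Assumed knob: lets the write target be pointed at a scratch file for testing.
# In production leave it at the kernel default.
DROP_CACHES_PATH="${DROP_CACHES_PATH:-/proc/sys/vm/drop_caches}"

# Accept only the documented values: 1 = page cache, 2 = dentries and inodes,
# 3 = both. Anything else (including an empty or composite string) is refused.
validate_level() {
    case "$1" in
        1|2|3) return 0 ;;
        *)     return 1 ;;
    esac
}

# Perform the write. The redirection below is done by THIS script's shell,
# which is why the whole script must run as root: in
#   sudo echo 3 > /proc/sys/vm/drop_caches
# the caller's unprivileged shell opens the file before sudo ever starts,
# hence the "Permission denied" shown earlier in the thread.
drop_caches() {
    level="${1:-3}"
    if ! validate_level "$level"; then
        printf 'usage: %s [1|2|3]\n' "$0" >&2
        return 2
    fi
    # drop_caches only discards clean pages; flush dirty ones first so the
    # drop actually frees what the job expects.
    sync
    printf '%s\n' "$level" > "$DROP_CACHES_PATH"
}

# Run only when executed under the installed name, so the functions can also
# be sourced and exercised without touching the real sysctl.
case "$0" in
    *drop_caches.sh) drop_caches "$@" ;;
esac
```

Usage under the assumed sudoers rule is `sudo /usr/local/sbin/drop_caches.sh 3` from the job prologue. The sudoers entry names the full path and no wildcard, so the user cannot substitute another script, and the wrapper takes no free-form input that could reach the shell.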
