Grid Security Vulnerability Group - Advisory

Topic: Shell account access to Worker Nodes
Date: 2010-08-18
ID: Grid Vulnerability Savannah bug #41748

Background
Jobs submitted to the Grid are executed on Worker Nodes (WN).

Vulnerability Details
It has been demonstrated that it is possible for users who can execute jobs on a particular Worker Node to gain interactive shell access to that WN.

Grid Security Vulnerability Group Response
The Grid Security Vulnerability Group considers this issue to be 'Low' risk and has produced this advisory so that sites are aware that this is possible; it recommends no particular action. Only users who are already allowed to submit jobs to a particular WN may be able to gain interactive shell access, and such access does not give the user any elevated privileges. Furthermore, interactive access may actually be desirable sometimes, in particular for debugging jobs within the WN environment.

Affected software and components
gLite 3.1, gLite 3.2

Component and Installation information for gLite 3.1
N/A

Component and Installation information for gLite 3.2
N/A

Precautionary measures or checks
See discussion below.

Other information
No solution was found for the general-purpose Worker Nodes that users and services expect jobs to run on. By definition such Worker Nodes will put little constraint on the functionality available to jobs. A special login shell (e.g. /sbin/nologin) for grid accounts may break various batch systems and can be circumvented by submitting a job that contains the desired functionality itself. A site might set up a dedicated queue for Worker Nodes that will only run certain well-defined executables, but such a queue would e.g. not be usable via the gLite Workload Management System, which expects the Worker Node to have a standard POSIX environment. For the various reasons listed, this issue is expected not to be fixed.

Credit
This vulnerability was initially reported by Francesco Giacomini.
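Since the advisory recommends no fix, the practical response for a site is visibility: batch jobs on a WN normally run without a controlling terminal, so a pool-account process that does hold a tty is worth a look, and its process ancestry shows whether it was spawned from within a job (descending from the batch daemon) or arrived some other way. The following is an added example written for this advisory, not code from the Grid Security Vulnerability Group or from gLite; the `ps` output, the pool-account naming pattern and the batch daemon name are constructed assumptions and would need to match the site's own conventions.

```python
import re
from collections import namedtuple

# Constructed sample of `ps -eo user,pid,ppid,tty,comm` output from a WN
# (not real data). Pool accounts here follow a hypothetical <vo><nnn> pattern.
SAMPLE_PS = """\
USER       PID  PPID TT       COMMAND
root         1     0 ?        init
root      2310     1 ?        pbs_mom
dteam012  4871  2310 ?        bash
dteam012  4875  4871 ?        python
atlas007  5120  2310 ?        bash
atlas007  5200  5120 pts/2    bash
root      6001     1 ?        sshd
"""

# Hypothetical pool-account naming convention; adjust to the site's own.
POOL_ACCOUNT_RE = re.compile(r"^(dteam|atlas|cms)\d{3}$")
# Hypothetical batch-system daemon name (e.g. pbs_mom for Torque/PBS).
BATCH_DAEMON = "pbs_mom"

Proc = namedtuple("Proc", "user pid ppid tty comm")


def parse_ps(text):
    """Parse the constructed `ps` output into Proc records, skipping the header."""
    procs = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 4)
        if len(parts) != 5:
            continue
        user, pid, ppid, tty, comm = parts
        procs.append(Proc(user, int(pid), int(ppid), tty, comm))
    return procs


def find_interactive_pool_shells(procs):
    """Pool-account processes that hold a controlling terminal.

    Batch jobs are started by the batch daemon without a tty ('?'), so a
    pool-account process with a pts/tty is the signal this check looks for.
    """
    return [p for p in procs if POOL_ACCOUNT_RE.match(p.user) and p.tty != "?"]


def ancestry(procs, pid):
    """Return the command names from the given PID up to PID 1."""
    by_pid = {p.pid: p for p in procs}
    chain = []
    while pid in by_pid:
        chain.append(by_pid[pid].comm)
        pid = by_pid[pid].ppid
    return chain


def spawned_from_batch_job(procs, pid):
    """True when the process descends from the batch daemon, i.e. it was
    created from inside a submitted job rather than by some other path."""
    return BATCH_DAEMON in ancestry(procs, pid)[1:]


def report(text=SAMPLE_PS):
    """Summarise suspicious pool-account processes as (user, pid, tty, origin)."""
    procs = parse_ps(text)
    rows = []
    for p in find_interactive_pool_shells(procs):
        origin = "from job" if spawned_from_batch_job(procs, p.pid) else "other"
        rows.append((p.user, p.pid, p.tty, origin))
    return rows


if __name__ == "__main__":
    for user, pid, tty, origin in report():
        print(f"{user:10} pid={pid:<6} tty={tty:8} origin={origin}")
```

On the constructed sample the report lists one entry, `atlas007` pid 5200 on `pts/2`, with ancestry `bash -> bash -> pbs_mom -> init`, i.e. an interactive shell obtained from within a job exactly as the advisory describes. A site that wants to keep this kind of check running can feed it real `ps` output (or process accounting records) and route the result to its usual monitoring; the advisory's own assessment still applies, since such a shell runs with no more privilege than the job that produced it.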
Disclosure Timeline
Yyyy-mm-dd
2008-09-17  Vulnerability reported by Francesco Giacomini.
2008-10-27  Initial assessment by the Grid Security Vulnerability Group.
2010-08-18  Public disclosure.

References
If applicable