1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
Description: Fix CVE-2021-31215
Fix security issue in {Prolog,Epilog}Slurmctld by always prepending SPANK_.
To all user-set environment variables.
Author: Marshall Garey <marshall@schedmd.com>
Last-Update: 2021-05-12
diff --git a/src/plugins/prep/script/prep_script_slurmctld.c b/src/plugins/prep/script/prep_script_slurmctld.c
index de517f9369..1fe4bf8a40 100644
--- a/src/plugins/prep/script/prep_script_slurmctld.c
+++ b/src/plugins/prep/script/prep_script_slurmctld.c
@@ -173,6 +173,8 @@ static char **_build_env(job_record_t *job_ptr, bool is_epilog)
if (job_ptr->spank_job_env_size) {
env_array_merge(&my_env,
(const char **) job_ptr->spank_job_env);
+ valid_spank_job_env(my_env, job_ptr->spank_job_env_size,
+ job_ptr->user_id);
}
setenvf(&my_env, "SLURM_JOB_ACCOUNT", "%s", job_ptr->account);
|
