Bug 593980

Summary: cluster daemons inherit environment of user
Product: Red Hat Enterprise Linux 5 Reporter: Martin Waite <waite.134>
Component: cmanAssignee: David Teigland <teigland>
Status: CLOSED NOTABUG QA Contact: Cluster QE <mspqa-list>
Severity: low Docs Contact:
Priority: low    
Version: 5.5CC: ccaulfie, cluster-maint, edamato, teigland
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-25 16:06:42 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Martin Waite 2010-05-20 08:47:42 UTC 
Description of problem:

Many cluster daemons inherit environment of the user that started the cluster.
This is a minor security risk.

Version-Release number of selected component (if applicable):

cman-2.0.115-1.el5_4.9

How reproducible:

examine /proc/<pid>/environ for the cluster daemons.  

Steps to Reproduce:
1. start cluster
2. find pids of groupd, fenced, dlm_controld, gfs_controld, clurgmgrd
3. examine /proc/<pid>/environ for these
  
Actual results:

Environment variables from the user that started the cluster will appear - eg. LS_COLORS, PWD

Expected results:

The daemons should build their own sanitized environments, otherwise unexpected 
dependencies on the user can occur - such as requiring arbitrary directories to continue to exist.

Additional info:
Comment 1 Christine Caulfield 2010-05-25 08:02:43 UTC 
Pass this over to Dave as he looks after most of the daemons mentioned.
Comment 2 David Teigland 2010-05-25 14:08:55 UTC 
I've never heard of doing this; what specifically would you suggest they do?
Comment 4 Martin Waite 2010-05-25 15:43:29 UTC 
Sorry - I have wasted your time.  

I have checked again the environment of the affected daemons, and they are
fine.

PATH has been sanitized.  cwd has been changed to a sane place.    

I was misled by the PWD setting, which remains (harmlessly) set to the cwd of
the user when cman is started.

Please kill this bug report.