Bug 593980 - cluster daemons inherit environment of user
Summary: cluster daemons inherit environment of user
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: cman
Version: 5.5
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: David Teigland
QA Contact: Cluster QE
Depends On:
Reported: 2010-05-20 08:47 UTC by Martin Waite
Modified: 2010-05-25 16:06 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-05-25 16:06:42 UTC
Target Upstream Version:


Description Martin Waite 2010-05-20 08:47:42 UTC
Description of problem:

Many cluster daemons inherit environment of the user that started the cluster.
This is a minor security risk.

Version-Release number of selected component (if applicable):


How reproducible:

Examine /proc/<pid>/environ for the cluster daemons.

Steps to Reproduce:
1. start cluster
2. find pids of groupd, fenced, dlm_controld, gfs_controld, clurgmgrd
3. examine /proc/<pid>/environ for these
Actual results:

Environment variables from the user that started the cluster will appear, e.g. LS_COLORS, PWD

Expected results:

The daemons should build their own sanitized environments, otherwise unexpected 
dependencies on the user can occur - such as requiring arbitrary directories to continue to exist.

Additional info:

Comment 1 Christine Caulfield 2010-05-25 08:02:43 UTC
Pass this over to Dave as he looks after most of the daemons mentioned.

Comment 2 David Teigland 2010-05-25 14:08:55 UTC
I've never heard of doing this; what specifically would you suggest they do?

Comment 4 Martin Waite 2010-05-25 15:43:29 UTC
Sorry - I have wasted your time.  

I have checked again the environment of the affected daemons, and they are

PATH has been sanitized.  cwd has been changed to a sane place.    

I was misled by the PWD setting, which remains (harmlessly) set to the cwd of
the user when cman is started.

Please kill this bug report.
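
The check discussed in this report, as an added example that is not part of the original bug report or of the cman code: it reads a daemon's `/proc/<pid>/environ`, flags a `PATH` with cwd-relative elements, lists inherited variable names, and compares `PWD` with the real working directory from `/proc/<pid>/cwd`. The `ALLOWED_VARS` allowlist, the function name and the finding labels are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the environment a running daemon inherited.
# ALLOWED_VARS is an assumed allowlist; adjust it to what the daemon needs.
ALLOWED_VARS="PATH LANG TZ"

# audit_environ ENVIRON_FILE REAL_CWD
#   ENVIRON_FILE: NUL-separated NAME=VALUE records (/proc/<pid>/environ format)
#   REAL_CWD:     the process's actual working directory (/proc/<pid>/cwd)
# Prints one finding per line, nothing if the environment is clean.
# Records are split on newlines too, so a value containing one yields a
# fragment without '='; such fragments are skipped.
audit_environ() {
    tr '\0' '\n' < "$1" | while IFS= read -r entry; do
        case $entry in *=*) ;; *) continue ;; esac
        name=${entry%%=*}
        value=${entry#*=}
        case $name in
            PATH)
                # An empty, "." or relative element is resolved against the cwd.
                case ":$value:" in
                    *:[!/]*) echo "unsafe-path $value" ;;
                esac ;;
            PWD)
                # PWD is only a string copied from the parent shell; the
                # kernel's view of the cwd is the /proc/<pid>/cwd link.
                if [ "$value" != "$2" ]; then
                    echo "stale-pwd PWD=$value cwd=$2"
                fi ;;
            *)
                # Report the name only: inherited values may hold secrets.
                case " $ALLOWED_VARS " in
                    *" $name "*) ;;
                    *) echo "inherited $name" ;;
                esac ;;
        esac
    done
}

# Usage: sh audit_environ.sh PID...   (run as root to read other users' /proc)
for pid in "$@"; do
    echo "== pid $pid"
    audit_environ "/proc/$pid/environ" "$(readlink "/proc/$pid/cwd")"
done
```

A `stale-pwd` finding alongside a clean `PATH` is the situation described in Comment 4: the string is left over from the starting shell while the process itself runs from the directory shown as `cwd`.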
