[Beowulf] Definition of HPC
Joe Landman
landman at scalableinformatics.com
Thu Apr 18 11:35:03 PDT 2013
On 04/18/2013 01:07 PM, Hearns, John wrote:
> As an aside, a normal user can trigger a drop of the caches before the start of a job.
> If you have looked into it, sudo echo 3 > /proc/sys/vm/drop_caches is well nigh impossible.
> But you can run an suid C program which does effectively the same job.
You could do that (suid) or ...
landman@metal:~$ cat drop_caches.bash
#!/bin/bash
echo 3 > /proc/sys/vm/drop_caches
landman@metal:~$ ./drop_caches.bash
./drop_caches.bash: line 3: /proc/sys/vm/drop_caches: Permission denied
# darned permissions
landman@metal:~$ sudo echo 3 > /proc/sys/vm/drop_caches
bash: /proc/sys/vm/drop_caches: Permission denied
# ??!?
landman@metal:~$ sudo ./drop_caches.bash
[sudo] password for landman:
landman@metal:~$
# PROFIT!!!
Not completely impossible to do, just requires some (non suid)
scripting. And if you need this to run a backgrounded service not using
one of the service managers (xinetd, et al), you can put this in a trusty
nohup Do_not_so_evil_things_and_dont_run_with_scissors.bash >
/tmp/non-evil.out 2> /tmp/non-evil.err &
and lo and behold ... it works.
The SUID bit is still able to be compromised, enabling nefarious things
to occur. The sudo is SUID, but encapsulating the needs into scripts
like this (and you can even pass arguments/data back and forth) is
fairly trivial.
Yes, you can compromise the script to do bad things as well. But if
you, as normal non root accidentally do a
!rm
and lo and behold, it pulls the rm -rf . from the stack, and you are in
an important directory ... well ...
And yes, I speak from experience. Usually caffeine deprived experience.
--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics, Inc.
email: landman at scalableinformatics.com
web : http://scalableinformatics.com
http://scalableinformatics.com/siflash
phone: +1 734 786 8423 x121
fax : +1 866 888 3112
cell : +1 734 612 4615
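
The message above shows `sudo echo 3 > /proc/sys/vm/drop_caches` failing while the same line inside a script run under sudo succeeds. The following is an added example, not part of the original post, of such a wrapper restricted to that one job; the install path, the group name `hpcusers` and the sudoers line are assumptions.

```shell
#!/bin/sh
# Added example: sudo wrapper for drop_caches (not the poster's script).
# Assumed install path: /usr/local/sbin/drop_caches.sh, owner root:root, mode 0755.
# Assumed sudoers line (edit with visudo; "hpcusers" is a hypothetical group):
#   %hpcusers ALL=(root) NOPASSWD: /usr/local/sbin/drop_caches.sh
DROP_CACHES=/proc/sys/vm/drop_caches

# valid_mode MODE: the kernel accepts 1 (page cache), 2 (dentries and inodes), 3 (both).
valid_mode() {
    case "$1" in
        1|2|3) return 0 ;;
        *)     return 1 ;;
    esac
}

# wrapper_is_safe FILE OWNER: true only if FILE belongs to OWNER and is not
# group- or world-writable, so nobody else can change what sudo runs as root.
wrapper_is_safe() {
    [ -n "$(find "$1" -prune -user "$2" ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# drop_caches MODE TARGET: validate MODE, flush dirty pages, then write MODE.
# The redirection happens inside this script, so the file is opened by the user
# the script runs as (root under sudo). In `sudo echo 3 > file` the unprivileged
# calling shell opens the file before sudo starts, hence "Permission denied".
drop_caches() {
    valid_mode "$1" || { echo "usage: drop_caches.sh 1|2|3" >&2; return 2; }
    sync
    echo "$1" > "$2"
}

# Run only when a mode is given on the command line.
if [ $# -gt 0 ]; then
    PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH   # do not rely on the caller's PATH
    wrapper_is_safe "$0" root || { echo "refusing: $0 is not root-owned or is writable by others" >&2; exit 1; }
    drop_caches "$1" "$DROP_CACHES"
fi
```

The ownership check only catches a careless install; the sudoers entry naming this one path is what keeps users from running anything else as root.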