Glexec is a middleware component used to verify and authorize grid credentials and to determine on whose behalf the associated jobs or tasks should be run. Glexec is normally deployed in setuid-root mode so that it can map a given credential (proxy) to an appropriate local account. Glexec is used by pilot jobs (such as those submitted by GlideinWMS) to run user payloads under the correct local identities. On a worker node, glexec may be available to a set of local accounts that should correspond to privileged members of VOs that employ multi-user pilot job frameworks. Such a pilot job should download a task from a central task queue, along with a valid proxy for the user who submitted the task; glexec is then used to run the task under a different local account corresponding to the given proxy. Glexec may also refuse a proxy, e.g. when the user concerned is banned.
The University of Wisconsin Vulnerability Assessment project has reviewed glexec and found two vulnerabilities (GLEXEC-2009-0002 and GLEXEC-2009-0004) that allow authorized users to gain root access. These vulnerabilities are present in glexec versions 0.5.35 and earlier; later versions are not affected. Specific details of the flaw will be released at a future date.
Security risk: high
We recommend updating to glexec 0.5.36 or later. In the VDT, this is referred to as glexec-osg 0.6.6 or later.
An updated version of glexec is available in VDT 1.10.1x and VDT 2.0.0p2, or later. As of those versions, on 5-June-2009, glexec was updated to 0.5.36.
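A defender's first step is to find which worker nodes still run an affected version. The following is an added example, not code from the glexec project or from the VDT, that applies the thresholds quoted above (0.5.36 for glexec, 0.6.6 for the VDT's glexec-osg packaging) to a constructed package inventory. The hostnames and version strings are invented, and obtaining real version strings from your package manager is assumed to be done separately; the example deliberately compares versions numerically, because a plain string comparison would wrongly rate "0.5.4" as newer than "0.5.35".

```python
"""Check whether a deployed glexec (or VDT glexec-osg) version falls in the
range the advisory describes as affected.

Added example, not code from the glexec project or the advisory. The
version strings passed in are assumed to come from your own package
inventory; how to obtain them is outside the scope of this example.
"""
import re

# Fixed-version thresholds quoted in the advisory: anything older is affected.
FIXED_VERSIONS = {
    "glexec": "0.5.36",       # upstream glexec
    "glexec-osg": "0.6.6",    # VDT packaging that carries the same fix
}


def parse_version(version: str) -> tuple:
    """Split a dotted version into a tuple of integers.

    Comparing tuples of ints avoids the string-comparison pitfall where
    "0.5.4" sorts after "0.5.35" because "4" > "3" as characters.
    Any trailing non-numeric suffix (e.g. "-1.el5") is ignored.
    """
    m = re.match(r"(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(package: str, version: str) -> bool:
    """Return True if this package/version is older than the fixed release."""
    if package not in FIXED_VERSIONS:
        raise KeyError(f"no advisory threshold for package {package!r}")
    return parse_version(version) < parse_version(FIXED_VERSIONS[package])


def triage(inventory):
    """Given (hostname, package, version) triples, return hosts needing an update."""
    return sorted(host for host, pkg, ver in inventory if is_affected(pkg, ver))


# Constructed sample inventory: hypothetical hosts and versions, not real data.
SAMPLE_INVENTORY = [
    ("wn01.example.org", "glexec", "0.5.35"),
    ("wn02.example.org", "glexec", "0.5.36"),
    ("wn03.example.org", "glexec", "0.5.4"),       # older than 0.5.35 despite the string order
    ("wn04.example.org", "glexec-osg", "0.6.5-1"),
    ("wn05.example.org", "glexec-osg", "0.6.6"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: update required")
```

Run against a real inventory by replacing SAMPLE_INVENTORY with the (host, package, version) triples your configuration management or package manager reports; hosts listed by triage() are the ones still at or below 0.5.35 (or below glexec-osg 0.6.6).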