This description is being left blank until sites have a chance to upgrade.
Security risk: medium
The problem is due to an interaction between Condor's execute directory when it is named /home/condor/execute and certain other programs in the VDT.
If you do not have a /home/condor/execute directory on your system (on any computer where the VDT is installed, including computers that access the VDT through mounting a shared filesystem), then you do not need to apply any fix because there is no vulnerability.
If you have VDT 1.8.1n or later, or if you have VDT 1.10.1c or
later, you do not need the fix. All earlier versions of the VDT are
vulnerable: we are only providing fixes for VDT 1.8.1 and VDT
1.10.1. You can check the version of the VDT you are using with the
If you do have a /home/condor/execute directory:
This can be done for VDT 1.8.1 (OSG 0.8) or VDT 1.10.1 (OSG 1.0) with the following commands:
> cd $VDT_LOCATION > . setup.sh > vdt-control --off At this point, manually stop off running VDT programs that are not affected by vdt-control, such as running Globus job managers. > pacman -update VDT-Common > $VDT_LOCATION/vdt/rpath/vdt-remove-rpaths $VDT_LOCATION > vdt-control --on
If you don't use Condor, remove the offending directory, /home/condor/execute. If you use Condor, you can tell Condor to use a different execute directory. Naming it anything else will be fine, perhaps /home/condor/EXECUTE.
Assuming you don't run Condor from a root-squashed NFS volume, upgrading Condor to 7.0.2 will also solve the problem. Condor 7.0.2 was released on 10-Jun-2008.