Note: This web site is only kept up to date for OSG Software 1.2 (VDT 2.0.0). If you are looking for information for the most recent release, the RPM-based OSG Software 3.0, please see the OSG documentation web site
This description is being left blank until sites have a chance to upgrade.
Security risk: medium
The problem is due to an interaction between Condor's execute directory when it is named /home/condor/execute and certain other programs in the VDT.
If you do not have a /home/condor/execute directory on your system (on any computer where the VDT is installed, including computers that access the VDT through mounting a shared filesystem), then you do not need to apply any fix because there is no vulnerability.
If you have VDT 1.8.1n or later, or if you have VDT 1.10.1c or
later, you do not need the fix. All earlier versions of the VDT are
vulnerable: we are only providing fixes for VDT 1.8.1 and VDT
1.10.1. You can check the version of the VDT you are using with the
vdt-version command.
If you do have a /home/condor/execute directory:
This can be done for VDT 1.8.1 (OSG 0.8) or VDT 1.10.1 (OSG 1.0) with the following commands:
> cd $VDT_LOCATION
> . setup.sh
> vdt-control --off
At this point, manually stop off running VDT programs
that are not affected by vdt-control, such as running
Globus job managers.
> pacman -update VDT-Common
> $VDT_LOCATION/vdt/rpath/vdt-remove-rpaths $VDT_LOCATION
> vdt-control --on
VDT 1.8.1n release notes and
update instructions
VDT 1.10.1c release notes and
update instructions
If you don't use Condor, remove the offending directory, /home/condor/execute. If you use Condor, you can tell Condor to use a different execute directory. Naming it anything else will be fine, perhaps /home/condor/EXECUTE.
Assuming you don't run Condor from a root-squashed NFS volume, upgrading Condor to 7.0.2 will also solve the problem. Condor 7.0.2 was released on 10-Jun-2008.