GitHub
CERT Secure Coding

CON42-C. Don't allow attackers to influence environment variables that control concurrency parameters

Under Construction

This rule is under construction.

The recommended way to use OpenMP is to specify most of the performance parameters in environment variables so that administrators can tweak them for their environment:

For example,

  • Set the default number of threads to use.

OMP_NUM_THREADS int_literal

  • OpenMP added an environment variable to control the size of

child threads’ stack

OMP_STACKSIZE

  • Also added an environment variable to hint to runtime how to

treat idle threads

OMP_WAIT_POLICY

–     Process binding is enabled if this variable is true … i.e. if true

the runtime will not move threads around between processors.

OMP_PROC_BIND true | false

The downside of this is that if an attacker can manage to control these variables, they can devastate the performance, for example, they can serialize the program by setting the number of threads to 1.

CAPEC has a generic description of a similar attack pattern: https://capec.mitre.org/data/definitions/10.html

The risk is not limited to OpenMP, and the preferred mitigation is most likely to make sure that environment variables cannot be manipulated.  This would probably make the use of environment variables in OpenMP program ill-advised for set-uid-root programs, for example, where a less privileged user controls the environment.