Summary: We have successfully deployed a system-wide mitigation across the Mahuika environment to address the recently disclosed ssh-keysign vulnerability. While the cluster remains fully operational and secure, the security measures implemented may affect certain user workflows, specifically those relying on system call tracing and process debugging.
What You Need to Know (User Impact): To effectively neutralize this vulnerability, we have implemented strict restrictions on ptrace capabilities across the environment (including on compute nodes). If your research or development workflow involves attaching to running processes, you will likely experience permission errors (e.g., Operation not permitted). Potentially Affected Tools: • Debuggers: gdb, Arm Forge (DDT), TotalView, or attaching to processes via IDEs. • System Tracers: strace, ltrace. • Performance Profilers: Intel VTune, Valgrind, Linux perf, and various MPI profiling utilities that rely on ptrace to hook into active jobs.
Note on Standard Execution: Running a program directly under a debugger (e.g., gdb ./my_program) may still work depending on the exact scope of the applied kernel restrictions, but attaching to an already running process (e.g., gdb -p ) will be blocked.
Next Steps & Support: For now we have implemented the strictest mitigation and will evaluate this further next week. We understand that process profiling and debugging are critical components of HPC development. If this mitigation breaks an essential part of your workflow, please contact the support team. We can discuss alternative profiling methods. Thank you for your cooperation as we work to maintain a secure environment for all users.
Posted May 16, 2026 - 12:59 NZST
This incident affects: Submit new HPC Jobs, Jobs running on HPC, and NeSI OnDemand.