On 10/22/2010 12:50 AM, Jay Lan wrote:
# Dale Talcott of NASA Ames submitted a bug report and his patch to SGI.
# I herein submitted this patch for him. The patch is against 1.5.2 - [email protected]

The openibd startup script from the OFED rpm includes the following
code to create a script that it runs in the background:

    ...
    cat << EOF >> /tmp/ib_set_node_desc.sh
    #!/bin/bash

    # Wait while node's hostname is set
    sleep 10
    # Add node description to sysfs
    IBSYSDIR="/sys/class/infiniband"
    if [ -d \${IBSYSDIR} ]; then
        declare -i hca_id=1
        for hca in \${IBSYSDIR}/*
        do
            if [ -e \${hca}/node_desc ]; then
                logger -i "Set node_desc for \$(basename \$hca): \$(hostname -s) HCA-\${hca_id}"
                echo -n "\$(hostname -s) HCA-\${hca_id}" >> \${hca}/node_desc
            fi
            let hca_id++
        done
    fi
    /bin/rm -f \$0
    EOF
    chmod 755 /tmp/ib_set_node_desc.sh
    /tmp/ib_set_node_desc.sh > /dev/null 2>&1 &

The problems with this startup script are many, but the security issue
is that the script, while running as root during system startup, writes
to a predictable file name in /tmp (/tmp/ib_set_node_desc.sh). If a user
creates a symlink with that path ahead of time, the next reboot can
clobber any file root has access to.

There are several fixes, but one is to avoid the use of the temporary
file altogether.

Signed-off-by: Jay Lan <[email protected]>
Hi Jay,

The purpose of creating a temporary script for setting node description
was to avoid blocking (sleep 10) of the openibd script.
So, as a solution I propose to use a script with randomly created name
(mktemp /tmp/ib_set_node_desc.XXXXXXXX).
What do you think?

Regards,
Vladimir

_______________________________________________
ewg mailing list
[email protected]
http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ewg
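The two file-creation patterns discussed in this thread, as an added example that is not part of either message or of the OFED code: it shows that an append to the fixed name is written through a pre-existing symlink, while a file created by mktemp is not. The function names, the sandbox directory standing in for /tmp, and the "victim" file are assumptions constructed for the illustration.

```shell
#!/bin/bash
# Added example with constructed paths: a private sandbox directory stands in
# for /tmp, and "victim" stands in for a file that root can write to.

# Pattern from the quoted openibd code: append to a fixed, predictable name.
# The ">>" redirection follows symlinks, so a pre-existing link redirects the write.
write_predictable() {   # $1 = directory standing in for /tmp
    local script="$1/ib_set_node_desc.sh"
    echo '#!/bin/bash' >> "$script"
    echo "$script"
}

# Proposal from the reply: mktemp picks an unpredictable name and creates the
# file exclusively (mode 0600), so an existing file or link is never reused.
write_mktemp() {        # $1 = directory standing in for /tmp
    local script
    script=$(mktemp "$1/ib_set_node_desc.XXXXXXXX") || return 1
    echo '#!/bin/bash' > "$script"
    chmod 700 "$script"
    echo "$script"
}

# Build the sandbox, pre-create the symlink at the predictable path, run one
# writer, and report whether the victim file changed.
# $1 = name of the writer function; prints "modified" or "intact".
symlink_test() {
    local box result
    box=$(mktemp -d) || return 1
    mkdir "$box/tmp" "$box/etc"
    echo 'original' > "$box/etc/victim"
    ln -s "$box/etc/victim" "$box/tmp/ib_set_node_desc.sh"
    "$1" "$box/tmp" > /dev/null
    if [ "$(cat "$box/etc/victim")" = 'original' ]; then
        result=intact
    else
        result=modified
    fi
    rm -rf "$box"
    echo "$result"
}

echo "predictable name: $(symlink_test write_predictable)"
echo "mktemp name:      $(symlink_test write_mktemp)"
```

The mktemp variant still leaves a root-owned script in a world-writable directory for the ten-second sleep; the option named in the original mail, dropping the temporary file altogether, removes that file entirely.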
