Vladimir Sokolovsky wrote:
On 10/22/2010 12:50 AM, Jay Lan wrote:
# Dale Talcott of NASA Ames submitted a bug report and his patch to SGI.
# I herein submitted this patch for him. The patch is against 1.5.2 -
[email protected]


The openibd startup script from the OFED rpm includes the following code to
create a script that it runs in the background:

...
cat << EOF >> /tmp/ib_set_node_desc.sh
#!/bin/bash

# Wait while node's hostname is set
sleep 10
# Add node description to sysfs
IBSYSDIR="/sys/class/infiniband"
if [ -d \${IBSYSDIR} ]; then
    declare -i hca_id=1
    for hca in \${IBSYSDIR}/*
    do
        if [ -e \${hca}/node_desc ]; then
            logger -i "Set node_desc for \$(basename \$hca): \$(hostname -s) HCA-\${hca_id}"
            echo -n "\$(hostname -s) HCA-\${hca_id}" >> \${hca}/node_desc
        fi
        let hca_id++
    done
fi
/bin/rm -f \$0
EOF

chmod 755 /tmp/ib_set_node_desc.sh
/tmp/ib_set_node_desc.sh > /dev/null 2>&1 &

The problems with this startup script are many, but the security issue is that
the script, while running as root during system startup, writes to a
predictable file name in /tmp (/tmp/ib_set_node_desc.sh). If a user creates a
symlink with that path ahead of time, the next reboot can clobber any file root
has access to.

There are several fixes, but one is to avoid the use of the temporary file
altogether.


Signed-off-by: Jay Lan <[email protected]>




Hi Jay,
The purpose of creating a temporary script for setting the node description was to avoid blocking (sleep 10) of the openibd script. So, as a solution I propose to use a script with a randomly created name (mktemp /tmp/ib_set_node_desc.XXXXXXXX).
What do you think?

Hi Vladimir,

That would be one possible fix, but we can achieve this without
creating a temporary file altogether.

Note that the patch would execute ib_set_node_desc() in a subshell:

+    ib_set_node_desc > /dev/null 2>&1 &

there would be no blocking of the openibd script. I put in 'date'
before and after that line, and it showed no delay at all.

Regards,
Jay




Regards,
Vladimir

_______________________________________________
ewg mailing list
[email protected]
http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ewg
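
Added example, not part of the thread and not the submitted patch: a sketch of the approach discussed above, where the node description logic lives in a function that is backgrounded directly, so no script is ever written to /tmp. The start_node_desc_job wrapper and the two parameters (sysfs root, delay) are assumptions made here so the function can be run against a constructed directory.

```shell
#!/bin/sh
# Added example. Only ib_set_node_desc, node_desc and the sysfs path come from
# the thread; the parameters and start_node_desc_job are hypothetical.

# The function body runs in a subshell "( ... )", so its variables do not
# leak into the init script and "exit" only leaves the subshell.
ib_set_node_desc() (
    ibsysdir=${1:-/sys/class/infiniband}
    delay=${2:-10}

    sleep "$delay"                       # wait while the node's hostname is set
    [ -d "$ibsysdir" ] || exit 0

    host=$(uname -n); host=${host%%.*}   # short host name, like `hostname -s`
    hca_id=1
    for hca in "$ibsysdir"/*; do
        if [ -e "$hca/node_desc" ]; then
            printf '%s HCA-%d' "$host" "$hca_id" > "$hca/node_desc"
        fi
        hca_id=$((hca_id + 1))           # counted per HCA directory, as in the original
    done
)

# Background the function itself. The caller returns at once; the sleep
# happens in the background job and no file under /tmp is involved.
start_node_desc_job() {
    ib_set_node_desc "$@" > /dev/null 2>&1 &
}

# From the init script this would be called with no arguments:
#   start_node_desc_job
```

Because nothing is created under /tmp, there is no path for an unprivileged user to pre-plant, which is the difference from the heredoc version quoted above.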
