On Fri, Aug 8, 2008 at 2:12 PM, Dave Olson <[EMAIL PROTECTED]> wrote: > On Fri, 8 Aug 2008, Hal Rosenstock wrote: > > | On Fri, Aug 8, 2008 at 10:12 AM, John Russo <[EMAIL PROTECTED]> wrote: > | > Issue: We have found that causes openibd to be started before networking > | > and therefore the NodeDescription, when returned from the SM, does not > | > always contain the hostname of the system when ibhosts is run. > | > A solution was proposed however I wanted to give an alternative that we > | > worked out in case you liked it and wanted to use it instead. > | > | I would think setting of the NodeDescription in this manner would need > | to be done optionally, via a module parameter, with the default being > | off. Quite some time ago we had the discussion about it being a system > | admin policy/possible security issue to reveal or not reveal the > | hostname via similar mechanisms. For a similar reason, this capability > | was removed from ICMP. > > That's addressed by the same mechanism that currently exists in the > openibd script.
Isn't that user space ? Also, this is OFED rather than upstream kernel code. > Simply set the node_desc to something other than > the hostname. The new behavior occurs only if the node_desc > hasn't been explictly set. > > If there is strong concern that this leaves a small window in which > the hostname is exposed, it could be modified to occur only if > the node_desc is set to some well-defined string, such as __HOST__ > or something of the sort. > I think a module parameter is more than is needed; if added, it > should probably default to enable, since relatively few sites are likely to > have security concerns within an IB fabric (as far as exposing > hostnames). There was some kernel code which did used system name for an IB agent and was rejected by the community for that reason. -- Hal > Dave Olson > [EMAIL PROTECTED] > _______________________________________________ general mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
