David Lee wrote:
> On Thu, 24 Aug 2006, Alan Robertson wrote:
>
>> [...]
>> # OCF_RESKEY_ip=10.10.10.199 OCF_RESKEY_cidr_netmask=22 ./IPaddr start
>> 2006/08/24_06:58:55 INFO: eval /sbin/ifconfig eth1:0 10.10.10.199
>> netmask 255.255.252.0 broadcast 10.10.11.255
>> 2006/08/24_06:58:55 INFO: Sending Gratuitous Arp for 10.10.10.199 on
>> eth1:0 [eth1]
>> 2006/08/24_06:58:55 INFO: /usr/lib64/heartbeat/send_arp -i 500 -r 10 -p
>> /var/run/heartbeat/rsctmp/send_arp/send_arp-10.10.10.199 eth1
>> 10.10.10.199 auto 10.10.10.199 ffffffffffff
>>
>> Well... It indicates that it runs the right ifconfig command -- with
>> the right (non-cidr) netmask. But running 'eval' on it sounds broken..
>> - but not a problem in this context. And, the code used to explicitly
>> say 'up'. But, the man page (for Linux) says it doesn't need 'up' - so
>> I guess that's OK. I hope it works the same on other OSes. But, two
>> OSes have special cases around them. And, I see how $CMD is set -
>> there's no reason for the eval -- and I like 'up' myself ;-)
>
> I confess! But there is a reason for the eval (or at least for needing
> something similar). See below.
>
>
>> Let's see what happens when we look at the ifconfig output:
>>
>> # ifconfig eth1:0
>> eth1:0 Link encap:Ethernet HWaddr 00:0F:EA:3C:45:3C
>> inet addr:10.10.10.199 Bcast:10.10.11.255 Mask:255.255.252.0
>> UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
>> Interrupt:193 Base address:0xe800
>>
>> This is correct.
>>
>> I added a set -x into the code JUST TO MAKE SURE the eval didn't somehow
>> do the wrong thing:
>>
>> + eval /sbin/ifconfig eth1:0 10.10.10.199 netmask 255.255.252.0
>> broadcast 10.10.11.255
>> ++ /sbin/ifconfig eth1:0 10.10.10.199 netmask 255.255.252.0 broadcast
>> 10.10.11.255
>> + set +x
>
>
> The problem was that in at least one OS the command:
> ifconfig xxx:y i.j.k.l netmask p.q.r.s broadcast w.x.y.z
>
> would fail under BSC. Investigation showed that this was not generally
> true for that OS, but that the particular values in BSC would trigger a
> failure of that command. Further, separating this into three distinct
> 'ifconfig' commands would succeed.
>
> Hence the need, in that environment, to change a single, multi-argumented
> 'ifconfig' into a chain of three single-argumented commands.
>
> This is all mentioned in the comments in the code.
Which I totally didn't understand. And, I didn't notice the && in the
strings. Duhhh!
So, you're absolutely right.
I don't like eval - and it is dangerous. If one of the arguments
contains something evil, then evil things can happen.
HOWEVER, this command can only be run by root (and it enforces that) so,
if they are doing something evil, then well they didn't need this
command to do it.
Unfortunately, maybe something evil is in their environment and they
don't know it - and we use the environment extensively. So, there might
be some kind of danger hanging around here... It certainly bears a
little more thought and study - and some comments.
--
Alan Robertson <[EMAIL PROTECTED]>
"Openness is the foundation and preservative of friendship... Let me
claim from you at all times your undisguised opinions." - William
Wilberforce
_______________________________________________________
Linux-HA-Dev: [email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
