On Wed, Sep 10, 2008 at 11:21:12AM -0600, Serge Dubrouski wrote:
> Do not use -T option on perl command line.

Did you try this?

> On Wed, Sep 10, 2008 at 11:15 AM, Knight, Doug <[EMAIL PROTECTED]> wrote:
> > Is there a way to control this behavior (force matching real and
> > effective user IDs), at least for the lrmd?

No, there's no way to control that.

Thanks,

Dejan

> > We've encountered an issue
> > with some perl script HA resources. It seems that when a process that
> > does not have matching real and effective user IDs starts a perl script,
> > perl automatically enables data "tainting", with a similar security
> > purpose in mind. The data that first goes into our scripts which comes
> > in tainted when run from under HA control goes through a global pattern
> > match, triggering a known bug in perl. According to the perl docs it can
> > cause an infinite loop, memory leaks, etc. We have a work-around we're
> > implementing in our scripts, but I wanted to explore the possibility of
> > altering the behavior coming out of heartbeat.
> >
> > Doug
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Dejan Muhamedagic
> > Sent: Wednesday, September 10, 2008 12:24 PM
> > To: General Linux-HA mailing list
> > Subject: Re: [Linux-HA] Real vs Effective userids for heartbeat processes
> >
> > On Wed, Sep 10, 2008 at 10:39:43AM -0400, Knight, Doug wrote:
> >> All,
> >>
> >> Why do certain heartbeat processes run with a real user ID of root, but
> >> an effective user ID of nobody?
> >
> > It was introduced before I got here, but I'm sure that it was for
> > security reasons. The less code runs as root, the less potential
> > vulnerabilities.
> >
> > Thanks,
> >
> > Dejan
> >
> >> The specific processes on our system
> >> that run this way are FIFO reader, write: bcast eth1, read:bcast eth1,
> >> write: ucast eth1, read: ucast eth1 lrmd, and stonithd. The other
> >> processes run either as root:root (master control process and mgmtd) or
> >> as 24:24 (ccm, cib, attrd, and crmd).
> >>
> >> Thanks,
> >>
> >> Doug Knight
> >>
> >> WSI Corp
> >>
> >> _______________________________________________
> >> Linux-HA mailing list
> >> [email protected]
> >> http://lists.linux-ha.org/mailman/listinfo/linux-ha
> >> See also: http://linux-ha.org/ReportingProblems
>
> --
> Serge Dubrouski.
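
The behaviour described in this thread can be checked from inside a resource script. The following Perl is an added example, not code from the thread or from heartbeat, and it does not reproduce the poster's unstated work-around; the variable HA_EXAMPLE_NAME and the allow-list pattern are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the thread: report why perl is (or is not) in taint
# mode, then untaint one input with an anchored, non-global capture.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# $< and $> are the real and effective UID; $( and $) hold the real and
# effective GID followed by any supplementary groups.
sub ids_differ {
    my ($rgid) = split ' ', $(;
    my ($egid) = split ' ', $);
    return ($< != $> || $rgid != $egid) ? 1 : 0;
}

# Allow-list validation: only the captured text is untainted. Returns undef
# when the value does not match. The pattern is an assumption for this example.
sub untaint_name {
    my ($value) = @_;
    return unless defined $value;
    return $value =~ /\A([A-Za-z0-9_.-]{1,64})\z/ ? $1 : undef;
}

# ${^TAINT} is 1 under taint mode (forced by perl when ids_differ() is true,
# or requested with -T), -1 for -t warnings-only mode, and 0 otherwise.
printf "ruid=%d euid=%d ids_differ=%d taint_mode=%d\n",
    $<, $>, ids_differ(), ${^TAINT};

# HA_EXAMPLE_NAME is a hypothetical variable; environment values are tainted
# whenever taint mode is on. The fallback literal is constructed sample data.
my $raw = exists $ENV{HA_EXAMPLE_NAME} ? $ENV{HA_EXAMPLE_NAME} : 'db_vip-1';
printf "raw input tainted: %s\n", tainted($raw) ? 'yes' : 'no';

my $name = untaint_name($raw);
die "rejected input\n" unless defined $name;

# Later pattern matches, including /g matches, now operate on untainted data.
printf "validated name '%s' tainted: %s\n", $name, tainted($name) ? 'yes' : 'no';
```

Running it with `perl -T` and HA_EXAMPLE_NAME set shows the tainted-to-untainted transition without needing mismatched IDs.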
