James Carlson wrote:
> Anurag S. Maskey writes:
>
>> As detailed earlier, the cause for this is the spaces in the name of the
>> secure objects. I've disallowed the spaces in the names. Also, nwamd
>> replaces the spaces with "-" in the secure object name. The webrev is at:
>>
>> http://zhadum.east.sun.com/export/ws/am223141/checkout-area/onnv-bug-6766937/webrev/
>>
>
> There are several things I don't understand about the fix:
>
> - The CR evaluation doesn't explain _why_ space is illegal here.
>   What makes it so? (I'm guessing that it's used in some file
>   format somewhere, but the Evaluation field should give the details
>   about what's wrong, so that we know what's being fixed.)
>

wpad doesn't handle key names with spaces. I'll clear up the evaluation.

> - The nwamd code asserts that both (and only) ':' and ' ' are
>   illegal. The man page for dladm, though, specifies a "secobj" as
>   an alphanumeric name, which is a much tighter restriction. Why
>   aren't we checking for isascii && isalnum()? Why aren't we
>   enforcing this tighter restriction in dladm and/or libdladm?
>   (Would "/" be a bad thing? How about '\n' or '\t'?)
>
>   (Warning: compatibility issues to detangle here: almost certainly
>   need to change the man page as well.)
>

I did not know that the dladm(1M) man page suggested only alphanumeric
names. I agree with the need to come up with the list of allowable
characters and consistent enforcement (say with a libdladm function
(secobj_valid_name()), just like dladm_valid_linkname()).

I'm cc'ing networking-discuss for a bigger discussion. What characters
should be allowed for secure object names? (For reference, linknames allow
alphanumeric and '_'. dladm(1M) doesn't mention the underscore.)

Anurag

> - We currently translate ':' to '.' in nwamd, and for what appear to
>   be very obscure (and possibly spurious) reasons, at least
>   according to the comments, as I've never seen a slot number
>   encoded in a secobj. You've added code to translate ' ' to '-'.
>   Why? Why not translate to '.' (if '.' is legal at all) just the
>   same as for ':'? We're using '-' as a separator for other reasons
>   in nwamd, is it wise to use it as a replacement character, too?
>
> I think you should run this by meem. We need to nail down the
> allowable character set for "secobj" names, and make sure we're
> consistent everywhere with them. (And we may need bfu and
> class-action scripts to repair damage already done to systems using
> the "wrong" characters.)
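
The allow-list check discussed in this thread, sketched as an added example (not code from the webrev, nwamd or libdladm). The function name, the policy enum and the 32-character limit are assumptions made for illustration; the two policies correspond to the dladm(1M) "alphanumeric" wording and the linkname rule (alphanumeric plus '_') mentioned above.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed length limit for this example; not taken from libdladm. */
#define EX_SECOBJ_NAME_MAX 32

typedef enum {
    EX_POLICY_ALNUM,     /* dladm(1M) wording: alphanumeric only */
    EX_POLICY_LINKNAME   /* linkname rule quoted in the thread: alnum or '_' */
} ex_policy_t;

/*
 * Hypothetical allow-list validator. Anything not explicitly permitted
 * (' ', ':', '/', '\n', '\t', non-ASCII bytes) is rejected.
 */
bool ex_secobj_valid_name(const char *name, ex_policy_t policy)
{
    size_t i;

    if (name == NULL || name[0] == '\0')
        return false;
    for (i = 0; name[i] != '\0'; i++) {
        /* Cast first: passing a negative char to isalnum() is undefined. */
        unsigned char c = (unsigned char)name[i];

        if (i >= EX_SECOBJ_NAME_MAX)
            return false;               /* longer than the assumed limit */
        if (c < 0x80 && isalnum(c))
            continue;                   /* ASCII letter or digit */
        if (policy == EX_POLICY_LINKNAME && c == '_')
            continue;
        return false;
    }
    return true;
}

int main(void)
{
    /* Constructed sample names, including the characters from the thread. */
    const char *names[] = { "homewifi1", "home wifi", "net:0", "a/b",
                            "a\tb", "home_wifi", "home-wifi", "home.wifi" };
    size_t i;

    for (i = 0; i < sizeof (names) / sizeof (names[0]); i++)
        printf("%-10s alnum=%d linkname=%d\n", names[i],
            ex_secobj_valid_name(names[i], EX_POLICY_ALNUM),
            ex_secobj_valid_name(names[i], EX_POLICY_LINKNAME));
    return 0;
}
```

Note that '-' and '.', the characters nwamd substitutes for ' ' and ':', fail both policies in this sketch as well.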
