
List:       linux-ha-dev
Subject:    Re: [Linux-ha-dev] Bind/stat option for IPC Authentication
From:       Andrew <lists () beekhof ! homeip ! net>
Date:       2004-06-22 16:21:27
Message-ID: 360F3A3C-C468-11D8-9AD0-000A95B71D78 () beekhof ! homeip ! net


On Jun 21, 2004, at 1:06 PM, Andrew wrote:

>
> On Jun 19, 2004, at 4:09 PM, Alan Robertson wrote:
>
>>> I'd love to have the stream send it by itself but Apple has kindly 
>>> crippled that functionality for me... grumble, grumble, grumble :(
>>> The only option I have left is for socket_client_channel_new() or 
>>> perhaps socket_initiate_connection() (which we provide) to construct 
>>> and send the auth data.  But even here there are ways to get around 
>>> that.  Prebinding or prelinking or something like that - I forget 
>>> the correct term just now - where someone makes heartbeat use a 
>>> modified version of the function instead of the one provided by HA.
>>
>> Or, since it's open source, just modify the source and rebuild.  Even 
>> easier if you're a cracker...
>>
>> The one you have about sending file descriptors around is reasonable 
>> for the uid.  For gid I'm afraid we're SOL...
>
> The lines from the patch that deal with gid are:
>
> +	if (auth_info->uid
> +	    && g_hash_table_lookup(
> +		    auth_info->uid, GUINT_TO_POINTER(stat_buf.st_uid))==NULL) {
> +		ret = IPC_FAIL;
> +	}
> +	if (auth_info->gid
> +	    && g_hash_table_lookup(
> +		    auth_info->gid, GUINT_TO_POINTER(stat_buf.st_gid))==NULL) {
> +		ret = IPC_FAIL;
> +	}
> +
> +	return ret;
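
Review bot: When only a gid table is configured, the `auth_info->uid` test in the first `if` is skipped and the outcome rests on `stat_buf.st_gid` alone, which the discussion quoted above says cannot be relied on for gid. Either reject a gid-only configuration before these checks or require a uid match whenever a gid table is present. The initial value of `ret` is not visible in these lines; if both tables are NULL the function returns that value unchanged, so please confirm it is the intended result for an empty `auth_info`.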

Is this what you had in mind Alan?

+	
+	if ((auth_info->uid == NULL || g_hash_table_length(auth_info->uid) == 
0)
+		&& auth_info->gid != NULL
+		&& g_hash_table_size(auth_info->gid) != 0) {
+		cl_log(LOG_ERR, "GID-Only IPC security is not supported on this 
platform.");
+		ret = IPC_FAIL;
+	}
+	if (auth_info->uid
+	    && g_hash_table_lookup(
+		    auth_info->uid, GUINT_TO_POINTER(stat_buf.st_uid))==NULL) {
+		ret = IPC_FAIL;
+	}
+	if (auth_info->gid
+	    && g_hash_table_lookup(
+		    auth_info->gid, GUINT_TO_POINTER(stat_buf.st_gid))==NULL) {
+		ret = IPC_FAIL;
+	}
+
+	return ret;
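
Review bot: The new guard's first condition calls `g_hash_table_length(auth_info->uid)`, while the third line of the same condition uses `g_hash_table_size(auth_info->gid)`. GLib provides `g_hash_table_size()`; there is no `g_hash_table_length()`, so the first call should be changed to match or the patch will not build. The condition and the `cl_log()` string have also been wrapped by the mail client (the stray `0)` and `platform.");` lines), so the patch needs to be resent as an attachment or unwrapped before it can be applied. A short comment above the guard saying why a gid-only configuration is refused on this platform would help the next reader.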


>
> This logic was stolen from one of the other implementations of 
> socket_verify_auth().  I don't really see that removing the gid check 
> increases security - it's only an extra chance to fail - but I can 
> remove it if you like.
>
> Are there any other changes you'd like to see or is it ok to commit 
> the patch?
>
>>
>> Most BSD-based systems don't allow chown.  I think you can disable it 
>> in Solaris...
>
> _______________________________________________________
> Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
> Home Page: http://linux-ha.org/
