List: linux-ha-dev
Subject: Re: [Linux-ha-dev] Bind/stat option for IPC Authentication
From: Andrew <lists () beekhof ! homeip ! net>
Date: 2004-06-22 16:21:27
Message-ID: 360F3A3C-C468-11D8-9AD0-000A95B71D78 () beekhof ! homeip ! net
On Jun 21, 2004, at 1:06 PM, Andrew wrote:
>
> On Jun 19, 2004, at 4:09 PM, Alan Robertson wrote:
>
>>> I'd love to have the stream send it by itself but Apple has kindly
>>> crippled that functionality for me... grumble, grumble, grumble :(
>>> The only option I have left is for socket_client_channel_new() or
>>> perhaps socket_initiate_connection() (which we provide) to construct
>>> and send the auth data. But even here there are ways to get around
>>> that. Prebinding or prelinking or something like that - I forget
>>> the correct term just now - where someone makes heartbeat use a
>>> modified version of the function instead of the one provided by HA.
>>
>> Or, since it's open source, just modify the source and rebuild. Even
>> easier if you're a cracker...
>>
>> The one you have about sending file descriptors around is reasonable
>> for the uid. For gid I'm afraid we're SOL...
>
> The lines from the patch that deal with gid are:
>
> + if (auth_info->uid
> + && g_hash_table_lookup(
> + auth_info->uid, GUINT_TO_POINTER(stat_buf.st_uid))==NULL) {
> + ret = IPC_FAIL;
> + }
> + if (auth_info->gid
> + && g_hash_table_lookup(
> + auth_info->gid, GUINT_TO_POINTER(stat_buf.st_gid))==NULL) {
> + ret = IPC_FAIL;
> + }
> +
> + return ret;
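Review bot: Both rejection branches set ret = IPC_FAIL without logging anything, so a refused client leaves no record of whether the uid or the gid lookup failed; a cl_log() call in each branch reporting stat_buf.st_uid or stat_buf.st_gid would make rejections diagnosable. Comparing g_hash_table_lookup() against NULL also treats a key stored with a NULL value as absent, so these tests are only correct if the uid and gid tables never hold NULL values; g_hash_table_lookup_extended() avoids depending on that.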
Is this what you had in mind, Alan?
+
+ if ((auth_info->uid == NULL || g_hash_table_length(auth_info->uid) ==
0)
+ && auth_info->gid != NULL
+ && g_hash_table_size(auth_info->gid) != 0) {
+ cl_log(LOG_ERR, "GID-Only IPC security is not supported on this
platform.");
+ ret = IPC_FAIL;
+ }
+ if (auth_info->uid
+ && g_hash_table_lookup(
+ auth_info->uid, GUINT_TO_POINTER(stat_buf.st_uid))==NULL) {
+ ret = IPC_FAIL;
+ }
+ if (auth_info->gid
+ && g_hash_table_lookup(
+ auth_info->gid, GUINT_TO_POINTER(stat_buf.st_gid))==NULL) {
+ ret = IPC_FAIL;
+ }
+
+ return ret;
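Review bot: The first condition calls g_hash_table_length(auth_info->uid), while the matching gid test two lines below uses g_hash_table_size(); GLib provides g_hash_table_size() and has no g_hash_table_length(), so this will not build as written. Use g_hash_table_size() in both places. The cl_log() string literal has also been split across two lines by mail wrapping and needs rejoining before the patch will apply, and because the GID-only branch falls through to the uid and gid lookups, an early return after logging would make the intended rejection explicit.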
>
> This logic was stolen from one of the other implementations of
> socket_verify_auth(). I don't really see that removing the gid check
> increases security - it's only an extra chance to fail - but I can
> remove it if you like.
>
> Are there any other changes you'd like to see or is it ok to commit
> the patch?
>
>>
>> Most BSD-based systems don't allow chown. I think you can disable it
>> in Solaris...
>
> _______________________________________________________
> Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
> http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
> Home Page: http://linux-ha.org/