List: linux-ha-dev
Subject: [Linux-ha-dev] Re: [Linux-HA] Heartbeat Signon Fails when called in
From: Lars Marowsky-Bree <lmb () suse ! de>
Date: 2004-06-24 7:53:03
Message-ID: 20040624075303.GH18601 () marowsky-bree ! de
On 2004-06-23T15:02:22,
"Salman, Basith" <Basith.Salman@ca.com> said:
Let's move this to the -dev list, please.
> Signon to HB fails (although the error code from signon is HA_OK) when
> called from a client thread as the client thread's parent PID is
> compared with the thread id (from getsockopt's PEERCRED option), this
> is so on 2.4.21-4.0.1.EL linux kernel (redhat).
The heartbeat libraries are not thread-safe in general...
Though what ought to work (and I hope this is what you are doing) is to
have a single worker thread interface with heartbeat and gate all
heartbeat stuff through it. Is this what you are doing?
> However, since this is an issue with us working on OpenDLM I was
> wondering if this auth check for the pid could be ifdeffed out from
> open HB source as below in hb_api.c as:
>
> diff hb_api.c.orig hb_api.c
> 1312a1313
> > #ifdef FARSIDE_PID_CHECK
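Review bot: `#ifdef FARSIDE_PID_CHECK` at 1313 makes the guarded lines opt-in, and nothing in this diff defines the macro, so a default build compiles them out. If the goal is to let one consumer switch the comparison off, invert the sense (an `#ifndef` on a macro named for disabling it) so existing builds keep the check, and document the macro where it is defined.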
> 1322a1324
> > #endif
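Review bot: the `#endif` at 1324 closes the region without an `#else` branch, so when the macro is undefined nothing replaces the guarded lines. Add a fallback in an `#else` rather than dropping the comparison outright, and tag the closing line with the macro name (`#endif /* FARSIDE_PID_CHECK */`) so the extent of the region is clear to the next reader.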
A unified diff would make it more obvious what you are really commenting
out here ;-) (I can see it from the context of the discussion of course,
but -u diffs are just easier to read and to merge after code changes.)
But no, that fix is not sufficient; it tries to prevent us from being
tricked into sending signals to random processes.
If anything, it'd at least need to make sure the F_PID at least belongs
to the same uid as the farside pid - so that the process cannot escalate
its privileges this way.
Alan?
But if it's a kernel bug, it really needs fixing in the kernel.
Sincerely,
Lars Marowsky-Brée <lmb@suse.de>
--
High Availability & Clustering \ ever tried. ever failed. no matter.
SUSE Labs, Research and Development | try again. fail again. fail better.
SUSE LINUX AG - A Novell company \ -- Samuel Beckett
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/