lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Thu, 8 Sep 2016 17:57:15 -0700
From:   Stephen Hemminger <stephen@...workplumber.org>
To:     Jay Vosburgh <jay.vosburgh@...onical.com>
Cc:     "Kaur\, Jasminder" <jasminder.kaur@....com>, vfalico@...il.com,
        gospo@...ulusnetworks.com, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, vasundhara.gurunath@....com,
        paulose.kuriakose.arackal@....com
Subject: Re: [PATCH] bonding: Prevent deletion of a bond, or the last slave
 from a bond, with active usage.

On Tue, 06 Sep 2016 08:08:59 -0700
Jay Vosburgh <jay.vosburgh@...onical.com> wrote:

> Kaur, Jasminder <jasminder.kaur@....com> wrote:
> 
> >From: "Kaur, Jasminder" <jasminder.kaur@....com>
> >
> >If a bond is in use such as with IP address configured, removing it
> >can result in application disruptions. If bond is used for cluster
> >communication or network file system interfaces, removing it can cause
> >system down time.
> >
> >An additional write option “?-” is added to sysfs bond interfaces as
> >below, in order to prevent accidental deletions while bond is in use.
> >In the absence of any usage, the below option proceeds with bond deletion.
> >“ echo "?-bondX" > /sys/class/net/bonding_masters “ .
> >If usage is detected such as an IP address configured, deletion is
> >prevented with appropriate message logged to syslog.  
> 
> 	The issue of interfaces being arbitrarily changed or deleted is
> not specific to bonding, and could affect any networking device
> (physical or virtual).  Thus, if a facility such as this is to be
> provided, it should be generic, not specific to bonding.
> 
> 	Separately, I'm not sure I see the value of such an option.
> Other than administrator error, I'm not sure when bonds (or other
> interfaces) would be randomly deleted.  Are you seeing that happening?
> 
> 	Also, this patch does not prevent other errors or malicious
> change, e.g., "ip link set bondX down" or "ip addr del 1.2.3.4/24" would
> still cause the service disruption you're trying to avoid.
> 
> 	And, lastly, what Jiri said: use netlink for new bonding
> functionality, not sysfs.
> 
> 	-J
> 
> >In the absence of any usage, the below option proceeds with deletion of
> >slaves from a bond.
> >“ echo "?-enoX" > /sys/class/net/bondX/bonding/slaves “ .
> >If usage is detected such as an IP address configured on bond, deletion
> >is prevented if the last slave is being removed from bond.
> >An appropriate message is logged to syslog.
> >
> >Signed-off-by: Jasminder Kaur <jasminder.kaur@....com>

I agree with Jay. Unless the kernel would crash there is no reason to prevent
a user with sufficient permissions from deleting a device.

Powered by blists - more mailing lists