lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20061210232316.GD32577@elf.ucw.cz>
Date:	Mon, 11 Dec 2006 00:23:16 +0100
From:	Pavel Machek <pavel@....cz>
To:	Wouter Verhelst <wouter@...p.be>
Cc:	Paul Clements <paul.clements@...eleye.com>, akpm@...l.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] nbd: show nbd client pid in sysfs

On Mon 2006-12-11 00:18:01, Wouter Verhelst wrote:
> On Sun, Dec 10, 2006 at 08:58:19PM +0100, Pavel Machek wrote:
> > Hi!
> 
> Hi
> 
> > > > > This simple patch allows nbd to expose the nbd-client 
> > > > > daemon's PID in /sys/block/nbd<x>/pid. This is helpful 
> > > > > for tracking connection status of a device and for 
> > > > > determining which nbd devices are currently in use.
> > > > 
> > > > Actually is it needed at all? Perhaps nbd clients should be modified
> > > > to put nbdX in their process nam?
> > > 
> > > I don't think that's the right approach; only the kernel can guarantee
> > > that a given process is actually managing a given nbd device (I could
> > > have some rogue process running around announcing that it's managing
> > > nbd2, and then what?)
> > 
> > I'd say "do not run rogue processes as root" :-).
> > 
> > nbd-client should run as root -- I do not think interface was
> > carefully audited to run it as a user -- so rogue process should not
> > really be a problem.
> 
> IOW, you're suggesting I walk the process list from userspace to find a
> process for which a) it claims it's running for a given nbd device, and
> b) I can verify that it actually has the permissions to do so. That's a
> whole lot of code in comparison to
> 
> f=open("/sys/block/nbd2/pid", O_RDONLY);
> read(f,buf,len);
> 
> I think I very much prefer the above two lines, not only for simplicity.
> 
> Also, your suggestion relies on users /only/ using the official
> nbd-client, and is fragile in cases where that assumption is false
> (i.e., it's susceptible to false negatives). The suggested patch does
> not have that problem.

I do not think finding out "which pid is controlling nbd#2" is _that_
important.

We have /var/lock files for ttyS*, I do not see reason why nbd should
be different. Actually you could copy /var/lock approach.

And BTW that /sys/ thingie is racy by design (as is the log file). By
the time you try to do anything with that PID, process may be gone.
									Pavel
-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ