Message-ID: <4F3552A4.70902@intel.com>
Date:	Fri, 10 Feb 2012 09:23:48 -0800
From:	"Nelson, Doug" <doug.nelson@...el.com>
To:	Paolo Bonzini <pbonzini@...hat.com>
CC:	Matthew Wilcox <willy@...ux.intel.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-kernel@...r.kernel.org
Subject: Re: scsi_id: sending ioctl 2285 to a partition

On 02/10/2012 12:17 AM, Paolo Bonzini wrote:
> On 02/09/2012 10:00 PM, Matthew Wilcox wrote:
>> On Thu, Feb 09, 2012 at 12:42:00PM -0800, Linus Torvalds wrote:
>>> On Thu, Feb 9, 2012 at 12:29 PM, Matthew Wilcox <willy@...ux.intel.com> wrote:
>>>>
>>>> Commit 0bfc96cb77 adds this printk that triggers tens of thousands of
>>>> times during a run of "a well-known database benchmark".  0x2285 is 
>>>> SG_IO.
>>>> I'm not sure why scsi_id feels that it needs to repeatedly send a SCSI
>>>> INQUIRY to a partition, but there we are.
>>>
>>> So is it doing this as root (in which case we end up allowing it) or
>>> as a normal user (in which case we end up disallowing it)?
>>
>> I'm pretty sure it's doing it as root ... it'll be run by udev, after 
>> all.
>
> What does the rule look like?  Here it is like this:
>
> # scsi devices
> KERNEL=="sd*[!0-9]|sr*", ENV{ID_SERIAL}!="?*",
> IMPORT{program}="scsi_id --export --whitelisted -d $tempnode",
> ENV{ID_BUS}="scsi"

The rule I had was not excluding partitions. I'll fix that and try again.


thanks,

doug

>
> which should exclude partitions, and indeed I don't see any such 
> message.  I also have this rule:
>
> # for partitions import parent information
> ENV{DEVTYPE}=="partition", IMPORT{parent}="ID_*"
>
> which makes it clear that udev does not need to send INQUIRY to the 
> partition.
>
>>> And does it all work well apart from the printk? Because the printk
>>> itself is scheduled to be removed, it's only there to hear about users
>>> that may be doing crazy things that got disallowed by the patches in
>>> question?
>>
>> If it is being run as root, then the printk is pointless, right?
>
> At the time the printk is removed, access also will be disallowed to 
> root.
>
> Paolo
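
The KERNEL== match from the rule quoted in this message, checked against a constructed device list to show which partition nodes a pattern would hand to scsi_id. This is an added example, not part of the original message or of udev; the looser pattern `sd*|sr*`, the device names and the helper names are assumptions for illustration, and Python's fnmatch stands in for udev's glob matching.

```python
import fnmatch

# Constructed sample of (kernel name, DEVTYPE) pairs; not taken from the thread.
SAMPLE_DEVICES = [
    ("sda", "disk"), ("sda1", "partition"),
    ("sdb", "disk"), ("sdb12", "partition"),
    ("sdaa", "disk"), ("sdaa1", "partition"),
    ("sr0", "disk"),
]

# Pattern from the rule quoted in the message.
QUOTED_PATTERN = "sd*[!0-9]|sr*"
# Hypothetical looser pattern that does not exclude partitions (assumption).
LOOSE_PATTERN = "sd*|sr*"


def udev_match(pattern, name):
    """Match a kernel name against a udev-style pattern.

    '|' separates alternatives; each alternative is a shell-style glob
    where '[!0-9]' means "one character that is not a digit".
    """
    return any(fnmatch.fnmatchcase(name, alt) for alt in pattern.split("|"))


def partitions_matched(pattern, devices=SAMPLE_DEVICES):
    """Return the partition nodes for which the rule's program would run."""
    return [name for name, devtype in devices
            if devtype == "partition" and udev_match(pattern, name)]


def whole_devices_matched(pattern, devices=SAMPLE_DEVICES):
    """Return the whole-device nodes the pattern still covers."""
    return [name for name, devtype in devices
            if devtype == "disk" and udev_match(pattern, name)]


if __name__ == "__main__":
    for label, pattern in (("quoted", QUOTED_PATTERN), ("loose", LOOSE_PATTERN)):
        print(label, pattern)
        print("  whole devices:", whole_devices_matched(pattern))
        print("  partitions   :", partitions_matched(pattern))
```
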
