On Wed, Oct 06, 2010 at 11:50:40AM +0200, Dejan Muhamedagic wrote:
> On Tue, Oct 05, 2010 at 07:34:31PM +0200, Lars Ellenberg wrote:
> > On Tue, Oct 05, 2010 at 04:03:47PM +0200, Dejan Muhamedagic wrote:
> > > > So it is run periodically by root (well, the lrmd, as root).
> > > > Even though the cwd of lrmd should be ok, permission wise, in case the
> > > > script does cd into somewhere (I don't think it does, now) where someone
> > > > with lesser privilege was able to place some evil *.so, the next command
> > > > executed by the script may do interesting things.
> > >
> > > I really doubt that, though it looks dangerous, there is a way to
> > > exploit this without root access.
> >
> > You never know.
> > The script itself may not, but it starts something else,
> > which may cd somewhere else, then fork/exec.
[ ... some suggestions how to fix it ... ]
> Great. Can you please apply this to the repo.
I think I have something simpler/better, even.
RFC below, if there are no objections, it will go in next week.
Someone please double check the "local IFS=:" part, maybe on some SAP
systems /bin/sh is something that does not handle that correctly?
BTW, looking at those ocf-shellfuncs, did anyone notice that
ocf_take_lock is broken, because it's racy?
Not sure if/how we should solve that, though.
possibly this could do it?
while :; do
pid=$(head -n1 $file)
[ x$pid = x$$ ] && return 0 # won the race
if [ -z "$pid" ] || ! kill -0 $pid ; then
echo $$ > $file
else
# other still running
sleep 1
fi
done
And, how about adding HUP/TERM/INT to the EXIT for the trap in
ocf_release_lock_on_exit?
Oh, and did you know that $lockfile better be an absolute path,
or you'll end up deleting something unexpected (or nothing at
all) if you cd to somewhere in the script later.
BTW2, why is "ocf_is_true ja" a true value,
but "ocf_is_true oui" is not?
Because lmb lives in Hamburg, not Paris? ;-)
# HG changeset patch
# User Lars Ellenberg <l...@linbit.com>
# Date 1287158610 -7200
# Node ID dc12cb9f7370a3cc9ecfe5d1a26da9e002a90341
# Parent 6efae155209ed2cba851d8c64a796f24ce84fd91
Low: SAPDatabase,SAPInstance: beautify LD_LIBRARY_PATH processing
relates to 2773e5850003 and bnc#640026
diff -r 6efae155209e -r dc12cb9f7370 heartbeat/.ocf-shellfuncs.in
--- a/heartbeat/.ocf-shellfuncs.in Thu Oct 14 18:39:07 2010 +0900
+++ b/heartbeat/.ocf-shellfuncs.in Fri Oct 15 18:03:30 2010 +0200
@@ -429,6 +429,26 @@
[ ! -z "${OCF_RESKEY_CRM_meta_master_max}" ] && [
"${OCF_RESKEY_CRM_meta_master_max}" -gt 0 ]
}
+# Takes one parameter (additional parameters ignored),
+# and prepends it to LD_LIBRARY_PATH.
+# If it's already there, don't add it again,
+# but make it the first component.
+# Also make sure we don't create an empty LD_LIBRARY_PATH component
+# (trailing or leading colon, or "double colon"),
+# as that is considered a security issue.
+ocf_prepend_ld_library_path()
+{
+ local x p=$1
+ local IFS=:
+ for x in $LD_LIBRARY_PATH ; do
+ [ "x$x" = "x$1" ] && continue
+ [ "x$x" = "x" ] && continue
+ p=$p:$x
+ done
+ LD_LIBRARY_PATH=$p
+ export LD_LIBRARY_PATH
+}
+
# usage: dirname DIR
dirname()
{
diff -r 6efae155209e -r dc12cb9f7370 heartbeat/SAPDatabase
--- a/heartbeat/SAPDatabase Thu Oct 14 18:39:07 2010 +0900
+++ b/heartbeat/SAPDatabase Fri Oct 15 18:03:30 2010 +0200
@@ -965,11 +965,10 @@
esac
fi
-# as root user we need the library path to the SAP kernel to be able to call
executables
-if [ `echo $LD_LIBRARY_PATH | grep -c "^$DIR_EXECUTABLE\>"` -eq 0 ]; then
- LD_LIBRARY_PATH=$DIR_EXECUTABLE${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
- export LD_LIBRARY_PATH
-fi
+# As root user we need the library path to the SAP kernel
+# to be able to call executables.
+ocf_prepend_ld_library_path "$DIR_EXECUTABLE"
+
sidadm="`echo $SID | tr [:upper:] [:lower:]`adm"
# What kind of method was invoked?
diff -r 6efae155209e -r dc12cb9f7370 heartbeat/SAPInstance
--- a/heartbeat/SAPInstance Thu Oct 14 18:39:07 2010 +0900
+++ b/heartbeat/SAPInstance Fri Oct 15 18:03:30 2010 +0200
@@ -296,10 +296,7 @@
fi
# as root user we need the library path to the SAP kernel to be able to call
sapcontrol
- if [ `echo $LD_LIBRARY_PATH | grep -c "^$DIR_EXECUTABLE\>"` -eq 0 ]; then
- LD_LIBRARY_PATH=$DIR_EXECUTABLE${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
- export LD_LIBRARY_PATH
- fi
+ ocf_prepend_ld_library_path "$DIR_EXECUTABLE"
sidadm="`echo $SID | tr [:upper:] [:lower:]`adm"
--
: Lars Ellenberg
: LINBIT | Your Way to High Availability
: DRBD/HA support and consulting http://www.linbit.com
DRBD® and LINBIT® are registered trademarks of LINBIT, Austria.
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
