On Thu, Apr 21, 2011 at 03:19:10PM +0200, Florian Haas wrote:
> On 2011-04-20 19:00, Lars Ellenberg wrote:
> > On Wed, Apr 20, 2011 at 06:49:48PM +0200, Lars Ellenberg wrote:
> > [a lot]
> >
> > I know I'm paranoid.
> > Am I too paranoid?
> 
> Patches welcome.

That phrase does work as reply to everything
you don't want to hear about ;-)

Just because we probably have resource agents in tree
that don't do proper input sanitation,
and some of them may even do things like eval,
or forget to quote parameters that need to be quoted ...

Just because we have such stuff in tree already,
does not mean we must take more of the same.
Or that we must ignore that it could be a problem.
Or that x="some link name" and then doing ln $x y instead of ln "$x" y
is simply wrong code.

If we can fix things when taking them in, we should do that.
That's naturally the point in time when they get most attention.
So that's also when all potential issues should be brought up.
And no, just because someone spots a potential problem does not make
it his job to fix it.

Of course we should also crowd source a review
for the resource agents we already have.

Improper use of input parameters becomes more important with the cib
supporting ACLs, as then it becomes a potential privilege escalation
problem.

Whereas as long as you assume anyone with access to the cib
is basically equivalent to root on the cluster nodes anyways,
it is only an annoyance, and should be fixed anyways.

Those resource agents I have actually read (as opposed to quickly
browsed over or not even looked at) at least have nothing obvious
of the sort.



As for the symlink RA, I still think it is a good idea to use an
indirection scheme, instead of using the symlinks directly.

/etc/cron.d -> /etc/cluster-symlinks/cron.d
      -> /mnt/somewhere/cron.d

does not only prevent the RA from removing unrelated files
unintentionally, but also has the nice property to clearly show
/etc/cron.d is managed by this system, and makes it very fast to get an
overview of which links currently are supposed to be managed by that system.

        Lars
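The two points made in the mail above (the unquoted `ln $x y` bug, and the `/etc/cluster-symlinks` indirection scheme) as an added example. This is not the symlink RA's code or anything from the linux-ha tree; the function names, the `remove_managed_link` refusal check and the scratch directory layout are assumptions made for illustration, and the whole thing runs inside a temporary directory.

```sh
#!/bin/sh
# Added example, not from the mailing list thread or the linux-ha tree.
# Part 1: word splitting. count_args just reports how many words it got.
count_args() { echo $#; }

unquoted_word_count() {
    x="some link name"
    count_args $x        # unquoted: the shell splits this into 3 words
}

quoted_word_count() {
    x="some link name"
    count_args "$x"      # quoted: one argument, as intended
}

# Part 2: indirection scheme  LINK -> MANAGED_DIR/NAME -> TARGET
# (hypothetical helper names; the managed directory name comes from the mail)
# create_managed_link MANAGED_DIR NAME TARGET LINKPATH
create_managed_link() {
    managed_dir=$1; name=$2; target=$3; link=$4
    mkdir -p "$managed_dir"
    ln -sfn "$target" "$managed_dir/$name"      # second hop
    ln -sfn "$managed_dir/$name" "$link"        # first hop
}

# Remove LINK only if it points into MANAGED_DIR; anything else is not ours.
# Returns 0 when removed, 1 when the path is not managed by this scheme.
remove_managed_link() {
    managed_dir=$1; link=$2
    [ -L "$link" ] || return 1
    case "$(readlink "$link")" in
        "$managed_dir"/*) rm -f "$link"; return 0 ;;
        *) return 1 ;;
    esac
}

# Everything the scheme manages is visible with a single listing.
list_managed() { ls -1 "$1"; }

# Self-contained run in a scratch tree; prints "ok" on success.
demo() {
    root=$(mktemp -d)
    managed="$root/cluster-symlinks"
    mkdir -p "$root/mnt/somewhere/cron.d" "$root/etc"
    create_managed_link "$managed" cron.d "$root/mnt/somewhere/cron.d" "$root/etc/cron.d"
    # an unrelated symlink that a cleanup must never touch
    ln -sfn "$root/mnt" "$root/etc/unrelated"
    if remove_managed_link "$managed" "$root/etc/unrelated"; then
        echo "BUG: removed unrelated link"; return 1
    fi
    [ "$(list_managed "$managed")" = "cron.d" ] || return 1
    remove_managed_link "$managed" "$root/etc/cron.d" || return 1
    [ ! -e "$root/etc/cron.d" ] || return 1
    [ -L "$root/etc/unrelated" ] || return 1
    rm -rf "$root"
    echo ok
}
```

Run `demo` to see the scheme at work; `unquoted_word_count` and `quoted_word_count` print 3 and 1 respectively, which is exactly the difference between `ln $x y` and `ln "$x" y` in the mail.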
_______________________________________________________
Linux-HA-Dev: Linux-HA-Dev@lists.linux-ha.org
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/