Re: [ofa-general] Allowing end-users to query for fabric information

Hal Rosenstock hal.rosenstock at gmail.com
Mon Oct 6 09:00:17 PDT 2008


On Mon, Oct 6, 2008 at 11:27 AM, Mike Heinz <michael.heinz at qlogic.com> wrote:
> Well,
>
> I guess that's my point - I'd like to be able to create tools for
> non-root users that would collect interesting information about the
> fabric. As far as I know, this should be a safe operation, because the
> SA should be protected by the m-key - but it seems that the policy in
> OFED is that this is not a safe operation and access must be tightly
> controlled.

Do you mean SM or SA?

Subverting the SM is not a good idea. The SM is the central point for
setting up SM attributes. Policy needs to be instilled through the SM.

There are some SA attributes which are somewhat dangerous too as they
are essentially writable as well from an end node.

Furthermore, most fabrics do not utilize MKey protection so the second
level is not there yet and only the most primitive form of this is
available within some SMs.

> While it's a trivial task to patch OFED to give non-root users access to
> the /dev/infiniband/umad* devices, I certainly don't want to provide
> tools to my users that create security holes in the fabric.

IMO this would do that although I would phrase it slightly differently.

-- Hal

> --
> Michael Heinz
> Principal Engineer, Qlogic Corporation
> King of Prussia, Pennsylvania
>
> -----Original Message-----
> From: Hal Rosenstock [mailto:hal.rosenstock at gmail.com]
> Sent: Monday, October 06, 2008 11:16 AM
> To: Mike Heinz
> Cc: Roland Dreier; general at lists.openfabrics.org
> Subject: Re: [ofa-general] Allowing end-users to query for fabric
> information
>
> Mike,
>
> On Mon, Oct 6, 2008 at 11:09 AM, Mike Heinz <michael.heinz at qlogic.com>
> wrote:
>> Roland,
>>
>> I've been thinking about this some more and I have to say I'm still a
>> bit confused. Are you saying that any root user on any node of the
>> fabric can change the routing tables? Isn't the ability to access and
>> alter subnet information controlled via the management key?
>
> There are two levels to this. First you must be able to send the MAD and
> once that can happen the receiving SMA performs the usual MKey checks
> which depend on the protection level assuming it is an SM class MAD like
> the one to change the routing tables.
>
> -- Hal
>
>>
>>
>> --
>> Michael Heinz
>> Principal Engineer, Qlogic Corporation
>> King of Prussia, Pennsylvania
>>
>> -----Original Message-----
>> From: general-bounces at lists.openfabrics.org
>> [mailto:general-bounces at lists.openfabrics.org] On Behalf Of Mike Heinz
>> Sent: Monday, September 22, 2008 3:19 PM
>> To: Roland Dreier
>> Cc: general at lists.openfabrics.org
>> Subject: RE: [ofa-general] Allowing end-users to query for fabric
>> information
>>
>> Thanks for the explanation.
>>
>>
>> --
>> Michael Heinz
>> Principal Engineer, Qlogic Corporation
>> King of Prussia, Pennsylvania
>>
>> -----Original Message-----
>> From: Roland Dreier [mailto:rdreier at cisco.com]
>> Sent: Monday, September 22, 2008 3:18 PM
>> To: Mike Heinz
>> Cc: general at lists.openfabrics.org
>> Subject: Re: [ofa-general] Allowing end-users to query for fabric
>> information
>>
>>  > What was the reason for making this design choice? While I could
>>  > certainly provide boot scripts to change the permissions to
>>  > /dev/infiniband/umad*, I'd rather understand why the decision was made
>>  > to restrict access.
>>
>> because /dev/infiniband/umadX allows full unfiltered access to
>> send/receive any MADs.  Including changing routing tables, bringing
>> ports down, etc.  Not stuff that unprivileged users should be able to
>> do.
>>
>> It would make sense to have a higher-level interface that only allows
>> safe queries without side effects, but that's quite a bit more work
>> than just changing permissions on device nodes.
>>
>>  - R.
>> _______________________________________________
>> general mailing list
>> general at lists.openfabrics.org
>> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general
>>
>> To unsubscribe, please visit
>> http://openib.org/mailman/listinfo/openib-general
>>
>
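The exchange above turns on two points: /dev/infiniband/umad* hands a caller unfiltered MAD send/receive, and Roland's remark that the proper fix would be a higher-level interface that only allows side-effect-free queries. As an added example, not code from this thread, from OFED or from libibumad, here is a small Python policy filter over the 24-byte common MAD header, of the kind a privileged proxy could apply before forwarding a user's MAD: it denies SM-class SMPs outright (routing tables, port state and M_Key all live there) and permits only SA Get/GetTable on a read-only attribute allowlist. The header layout and the class, method and attribute numbers follow the IBTA spec; the deny-by-default policy, the allowlist, the `smp_mkey` helper (which reads the M_Key an SMP presents, the second level Hal describes) and the `build_mad` test helper are this example's own assumptions.

```python
"""Policy filter for raw MADs, as an added example (not OFED/libibumad code).

The 24-byte common MAD header layout and the class, method and attribute
numbers follow the InfiniBand Architecture spec (vol. 1, chapters 13-15).
The deny-by-default policy and the read-only attribute allowlist are this
example's own assumptions, chosen to illustrate the discussion above.
"""
import struct

# Common MAD header, big-endian: BaseVersion, MgmtClass, ClassVersion,
# R|Method, Status, ClassSpecific, TransactionID, AttributeID, Reserved,
# AttributeModifier (24 bytes); a full MAD is 256 bytes.
MAD_HDR = struct.Struct(">BBBBHHQHHI")
MAD_SIZE = 256

CLASS_SUBN_LID = 0x01   # SMP, LID routed (SM class)
CLASS_SUBN_ADM = 0x03   # SA (Subnet Administration)
CLASS_SUBN_DR = 0x81    # SMP, directed route (SM class)

METHOD_GET = 0x01
METHOD_SET = 0x02
METHOD_GET_TABLE = 0x12  # SA only
METHOD_DELETE = 0x15     # SA only
RESP_BIT = 0x80          # R bit: set on responses

METHOD_NAMES = {METHOD_GET: "Get", METHOD_SET: "Set",
                METHOD_GET_TABLE: "GetTable", METHOD_DELETE: "Delete"}

# SA attributes this policy treats as side-effect-free queries (assumption:
# a site would tune this list; anything not listed is denied).
READ_ONLY_SA_ATTRS = {
    0x0011: "NodeRecord",
    0x0012: "PortInfoRecord",
    0x0020: "LinkRecord",
    0x0035: "PathRecord",
}


def parse_header(buf):
    """Decode the common MAD header; return None if the buffer is too short."""
    if len(buf) < MAD_HDR.size:
        return None
    fields = MAD_HDR.unpack_from(buf)
    keys = ("base_version", "mgmt_class", "class_version", "method", "status",
            "class_specific", "tid", "attr_id", "reserved", "attr_mod")
    return dict(zip(keys, fields))


def classify(buf):
    """Return (allowed, reason) for a MAD an unprivileged caller wants to send.

    Deny by default: only SA Get/GetTable on allowlisted attributes pass.
    """
    hdr = parse_header(buf)
    if hdr is None:
        return False, "truncated MAD header"
    if hdr["base_version"] != 1:
        return False, "unsupported base version %d" % hdr["base_version"]
    cls = hdr["mgmt_class"]
    if cls in (CLASS_SUBN_LID, CLASS_SUBN_DR):
        # SMPs (routing tables, port state, M_Key) belong to the SM alone.
        return False, "SMP class 0x%02x: subnet management is SM-only" % cls
    if cls != CLASS_SUBN_ADM:
        return False, "management class 0x%02x not permitted" % cls
    method = hdr["method"]
    if method & RESP_BIT:
        return False, "response method 0x%02x is not a client request" % method
    if method not in (METHOD_GET, METHOD_GET_TABLE):
        # Set/Delete on SA records (ServiceRecord, MCMemberRecord, ...) write state.
        name = METHOD_NAMES.get(method, "0x%02x" % method)
        return False, "SA method %s may modify fabric state" % name
    attr = READ_ONLY_SA_ATTRS.get(hdr["attr_id"])
    if attr is None:
        return False, "SA attribute 0x%04x not on the read-only allowlist" % hdr["attr_id"]
    return True, "SA %s %s" % (METHOD_NAMES[method], attr)


def smp_mkey(buf):
    """M_Key an SMP presents (bytes 24..31 in both LID-routed and DR SMPs).
    0 presents no key; whether the receiving SMA accepts that depends on its
    own configured M_Key and protection bits."""
    return struct.unpack_from(">Q", buf, 24)[0]


def build_mad(mgmt_class, method, attr_id, attr_mod=0, tid=1):
    """Constructed test input: header plus zeroed 232-byte payload."""
    hdr = MAD_HDR.pack(1, mgmt_class, 1, method, 0, 0, tid, attr_id, 0, attr_mod)
    return hdr + bytes(MAD_SIZE - len(hdr))


if __name__ == "__main__":
    samples = [
        ("SA GetTable NodeRecord", build_mad(CLASS_SUBN_ADM, METHOD_GET_TABLE, 0x0011)),
        ("SA Set ServiceRecord", build_mad(CLASS_SUBN_ADM, METHOD_SET, 0x0031)),
        ("SMP Set LinearForwardingTable", build_mad(CLASS_SUBN_LID, METHOD_SET, 0x0019)),
        ("DR SMP Get NodeInfo", build_mad(CLASS_SUBN_DR, METHOD_GET, 0x0011)),
    ]
    for label, mad in samples:
        ok, why = classify(mad)
        print("%-32s %s (%s)" % (label, "ALLOW" if ok else "DENY", why))
```

Note that the filter alone does not replace the M_Key level Hal describes: a proxy like this decides what leaves the node, while the receiving SMA's M_Key check (where one is configured at all) is what stops a forged SMP that gets through by some other path.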


