[ofa-general] Re: [RFC] IB management changes proposal
Philippe Gregoire
philippe.gregoire at cea.fr
Thu Apr 26 08:22:22 PDT 2007
Hal Rosenstock a écrit :
> On Thu, 2007-04-26 at 01:02, Michael S. Tsirkin wrote:
>
>>>> There also some few commands (ib*.pl) that are using a file
>>>> /tmp/ibnetdiscover.topology. I suggest /var/cache/ibnetdiscover.topology
>>>>
>>> I'm not sure about this one. I need to think about this more.
>>>
>> Not sure about the best placement, but surely a predictable name
>> in a world-writeable directory is a security risk?
>>
>
> Is /var/cache world writeable ? I thought it was just world readable. If
> this were to be done, I would think the opensm directory underneath this
> would be more appropriate but I'm not leaning towards doing this since I
> think the current approach is more flexible and the topology can be
> supplied to all needed commands/scripts.
>
> -- Hal
>
>
>
/var/cache is word readable. But the perl command which generate
/tmp/ibnetdiscover.topology are using ibnetdiscover command
which requires root privilege to work. So you dont need a /var/cache
world writeable directory.
Anyway putting the file in /var/cache does not forbid to make it world
readable.
grego $ ls -ld /var/cache
drwxr-xr-x 7 root root 4096 Feb 13 18:00 /var/cache
grego$ /usr/bin/ibnetdiscover -g
ibpanic: [22849] madrpc_init: can't open UMAD port ((null):0):
(Permission denied)
grego$ ibprintswitch.pl -l
Execution of ibnetdiscover failed with errors
Phil
More information about the general
mailing list