[PATCH] Remove all uses of "/tmp" from perl diag (Was Re: [ofa-general] Re: [RFC] IB management changes proposal)
Ira Weiny
weiny2 at llnl.gov
Thu Apr 26 20:52:03 PDT 2007
On Thu, 26 Apr 2007 19:47:04 -0700
Roland Dreier <rdreier at cisco.com> wrote:
> > > I'm sorry, I'm not familiar with the code.
> > > I was just saying that using /tmp/ibnetdiscover.topology is clearly
> > > a security risk since /tmp is world-writeable. Isn't it?
> >
> > However, I think the risk is pretty low. The scripts only use this information
> > to report other information about the subnet. The only damage would be if an
> > admin misinterpreted this information and did something bad to the net.
>
> You're not being devious enough. Look up "symlink attack" to see one
> idea of something evil that an attacker could do.
Ok, you scared me. ;-) How about the following patch? Would an autoconf
option be better?
Ira
>From 4f3c4c69bf7920284ea9894246abc540b4d99cfb Mon Sep 17 00:00:00 2001
From: Ira K. Weiny <weiny2 at llnl.gov>
Date: Thu, 26 Apr 2007 20:40:50 -0700
Subject: [PATCH] Remove all uses of "/tmp" from perl diags
Remove all uses of /tmp for cached application data. Replace them with a
global variable set to /var/cache/infiniband-diags.
Signed-off-by: Ira K. Weiny <weiny2 at llnl.gov>
---
diags/scripts/IBswcountlimits.pm | 17 ++++++++++++++---
diags/scripts/ibfindnodesusing.pl | 4 ++--
diags/scripts/ibprintca.pl | 6 +++---
diags/scripts/ibprintswitch.pl | 6 +++---
diags/scripts/ibqueryerrors.pl | 4 ++--
diags/scripts/ibswportwatch.pl | 7 ++++---
6 files changed, 28 insertions(+), 16 deletions(-)
diff --git a/diags/scripts/IBswcountlimits.pm b/diags/scripts/IBswcountlimits.pm
index e214f67..1c884e9 100755
--- a/diags/scripts/IBswcountlimits.pm
+++ b/diags/scripts/IBswcountlimits.pm
@@ -43,6 +43,7 @@ use strict;
@IBswcountlimits::suppress_errors = ();
$IBswcountlimits::link_ends = undef;
$IBswcountlimits::pause_time = 10;
+$IBswcountlimits::cache_dir = "/var/cache/infiniband-diags";
# all the PM counters
@IBswcountlimits::counters = (
@@ -204,9 +205,19 @@ sub any_counts
# =========================================================================
#
+sub ensure_cache_dir
+{
+ if (!(-d "$IBswcountlimits::cache_dir")) {
+ mkdir $IBswcountlimits::cache_dir, 0700;
+ }
+}
+
+# =========================================================================
+#
sub generate_ibnetdiscover_topology
{
- `ibnetdiscover -g > /tmp/ibnetdiscover.topology`;
+ ensure_cache_dir;
+ `ibnetdiscover -g > $IBswcountlimits::cache_dir/ibnetdiscover.topology`;
if ($? != 0) {
die "Execution of ibnetdiscover failed with errors\n";
}
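Review bot: The `mkdir` in `ensure_cache_dir` is unchecked, so a caller who cannot create the directory (likely for a non-root user under /var/cache, though that depends on the deployment) only sees the later "Execution of ibnetdiscover failed with errors", which points at the wrong cause. Failing at the source would be clearer: `mkdir $IBswcountlimits::cache_dir, 0700 or die "Cannot create $IBswcountlimits::cache_dir: $!\n";`. The `-d` test also accepts any pre-existing directory whatever its owner or mode, so the 0700 restriction holds only when this code created it; a `stat` check on owner and permissions would close that gap. Separately, the redirect writes straight to the final file name, so a failed run can leave a truncated topology file that later `-f` tests treat as a valid cache. The body of `generate_ibnetdiscover_topology` continues past the end of this hunk.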
@@ -216,8 +227,8 @@ sub generate_ibnetdiscover_topology
#
sub get_link_ends
{
- if (!(-f "/tmp/ibnetdiscover.topology")) { generate_ibnetdiscover_topology; }
- open IBNET_TOPO, "</tmp/ibnetdiscover.topology" or die "Failed to open ibnet topology: $!\n";
+ if (!(-f "$IBswcountlimits::cache_dir/ibnetdiscover.topology")) { generate_ibnetdiscover_topology; }
+ open IBNET_TOPO, "<$IBswcountlimits::cache_dir/ibnetdiscover.topology" or die "Failed to open ibnet topology: $!\n";
my $in_switch = "no";
my $desc = "";
my $guid = "";
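Review bot: The `open` in `get_link_ends` still uses the two-argument form, and the path it parses now contains an interpolated variable instead of a literal. The leading `<` pins read mode, so this is hardening rather than a live bug, but the three-argument form keeps the mode and the file name apart: `open IBNET_TOPO, '<', "$IBswcountlimits::cache_dir/ibnetdiscover.topology" or die "Failed to open ibnet topology: $!\n";`. The same applies to the `open IBNET_TOPO` lines in ibfindnodesusing.pl, ibprintca.pl and ibprintswitch.pl and to `open PERF_QUERY` in ibswportwatch.pl; their `die` messages also omit `$!`. The function body continues outside the hunk, so the bareword handle is kept here.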
diff --git a/diags/scripts/ibfindnodesusing.pl b/diags/scripts/ibfindnodesusing.pl
index 971424f..36439bc 100755
--- a/diags/scripts/ibfindnodesusing.pl
+++ b/diags/scripts/ibfindnodesusing.pl
@@ -88,7 +88,7 @@ if (defined $Getopt::Std::opt_R) { $rege
my $target_switch = $ARGV[0];
my $target_port = $ARGV[1];
-if ($regenerate_map || !(-f "/tmp/ibnetdiscover.topology")) { generate_ibnetdiscover_topology; }
+if ($regenerate_map || !(-f "$IBswcountlimits::cache_dir/ibnetdiscover.topology")) { generate_ibnetdiscover_topology; }
if ($target_switch eq "" || $target_port eq "")
{
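Review bot: The string `"$IBswcountlimits::cache_dir/ibnetdiscover.topology"` in this `-f` test is spelled out again in every script the patch touches, so a later rename of the file has to be made in about ten places. One accessor in IBswcountlimits.pm would give a single definition that still follows a changed `cache_dir`: `sub topology_file { return "$IBswcountlimits::cache_dir/ibnetdiscover.topology"; }`. The existence tests, `open` calls and `ibhosts`/`ibswitches` invocations in the other files could then call it. If the module exports subs through an explicit list, the new name would have to be added there; that list is not visible in this patch.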
@@ -159,7 +159,7 @@ sub compress_hostlist
sub main
{
my $found_switch = undef;
- open IBNET_TOPO, "</tmp/ibnetdiscover.topology" or die "Failed to open ibnet topology\n";
+ open IBNET_TOPO, "<$IBswcountlimits::cache_dir/ibnetdiscover.topology" or die "Failed to open ibnet topology\n";
my $in_switch = "no";
my $switch_guid = "";
my $desc = undef;
diff --git a/diags/scripts/ibprintca.pl b/diags/scripts/ibprintca.pl
index 39f8ecb..183f23e 100755
--- a/diags/scripts/ibprintca.pl
+++ b/diags/scripts/ibprintca.pl
@@ -62,11 +62,11 @@ if (defined $Getopt::Std::opt_l) { $list
my $target_hca = $ARGV[0];
-if ($regenerate_map || !(-f "/tmp/ibnetdiscover.topology")) { generate_ibnetdiscover_topology; }
+if ($regenerate_map || !(-f "$IBswcountlimits::cache_dir/ibnetdiscover.topology")) { generate_ibnetdiscover_topology; }
if ($list_hcas)
{
- system ("ibhosts /tmp/ibnetdiscover.topology");
+ system ("ibhosts $IBswcountlimits::cache_dir/ibnetdiscover.topology");
exit 1;
}
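Review bot: The `system ("ibhosts ...")` call passes a single string, so the cache path is now interpolated into a shell command line where a fixed literal used to be. If `cache_dir` is ever set to a value with spaces or shell metacharacters, the shell will split or interpret it. The list form avoids the shell entirely: `system("ibhosts", "$IBswcountlimits::cache_dir/ibnetdiscover.topology");`. The same pattern appears in the `ibswitches` call in ibprintswitch.pl, the backtick `ibswitches` in ibqueryerrors.pl and the `cat` in ibswportwatch.pl. The return value of `system` is not checked here either.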
@@ -80,7 +80,7 @@ if ($target_hca eq "")
sub main
{
my $found_hca = undef;
- open IBNET_TOPO, "</tmp/ibnetdiscover.topology" or die "Failed to open ibnet topology\n";
+ open IBNET_TOPO, "<$IBswcountlimits::cache_dir/ibnetdiscover.topology" or die "Failed to open ibnet topology\n";
my $in_hca = "no";
my %ports = undef;
while (my $line = <IBNET_TOPO>)
diff --git a/diags/scripts/ibprintswitch.pl b/diags/scripts/ibprintswitch.pl
index 2ce3bbe..5ab8f65 100755
--- a/diags/scripts/ibprintswitch.pl
+++ b/diags/scripts/ibprintswitch.pl
@@ -62,11 +62,11 @@ if (defined $Getopt::Std::opt_l) { $list
my $target_switch = $ARGV[0];
-if ($regenerate_map || !(-f "/tmp/ibnetdiscover.topology")) { generate_ibnetdiscover_topology; }
+if ($regenerate_map || !(-f "$IBswcountlimits::cache_dir/ibnetdiscover.topology")) { generate_ibnetdiscover_topology; }
if ($list_switches)
{
- system ("ibswitches /tmp/ibnetdiscover.topology");
+ system ("ibswitches $IBswcountlimits::cache_dir/ibnetdiscover.topology");
exit 1;
}
@@ -80,7 +80,7 @@ if ($target_switch eq "")
sub main
{
my $found_switch = undef;
- open IBNET_TOPO, "</tmp/ibnetdiscover.topology" or die "Failed to open ibnet topology\n";
+ open IBNET_TOPO, "<$IBswcountlimits::cache_dir/ibnetdiscover.topology" or die "Failed to open ibnet topology\n";
my $in_switch = "no";
my %ports = undef;
while (my $line = <IBNET_TOPO>)
diff --git a/diags/scripts/ibqueryerrors.pl b/diags/scripts/ibqueryerrors.pl
index e894eb8..9343fcf 100755
--- a/diags/scripts/ibqueryerrors.pl
+++ b/diags/scripts/ibqueryerrors.pl
@@ -113,7 +113,7 @@ sub get_counts
my %switches = ();
sub get_switches
{
- my $data = `ibswitches /tmp/ibnetdiscover.topology`;
+ my $data = `ibswitches $IBswcountlimits::cache_dir/ibnetdiscover.topology`;
my @lines = split("\n", $data);
foreach my $line (@lines) {
if ($line =~ /^Switch\s+:\s+(\w+)\s+ports\s+(\d+)\s+.*/)
@@ -164,7 +164,7 @@ sub main
my $msg = join(",", @IBswcountlimits::suppress_errors);
print "Suppressing: $msg\n";
}
- if ($regenerate_map || !(-f "/tmp/ibnetdiscover.topology")) { generate_ibnetdiscover_topology; }
+ if ($regenerate_map || !(-f "$IBswcountlimits::cache_dir/ibnetdiscover.topology")) { generate_ibnetdiscover_topology; }
get_switches;
get_link_ends;
foreach my $sw_addr (keys %switches) {
diff --git a/diags/scripts/ibswportwatch.pl b/diags/scripts/ibswportwatch.pl
index e844acb..e16d15e 100755
--- a/diags/scripts/ibswportwatch.pl
+++ b/diags/scripts/ibswportwatch.pl
@@ -111,13 +111,14 @@ sub get_new_counts
my $addr = $_[0];
my $port = $_[1];
mv_counts;
- if (system("perfquery $GUID $addr $port > /tmp/perfquery.out"))
+ ensure_cache_dir;
+ if (system("perfquery $GUID $addr $port > $IBswcountlimits::cache_dir/perfquery.out"))
{
print "perfquery failed : \"perfquery $GUID $addr $port\"\n";
- system("cat /tmp/perfquery.out");
+ system("cat $IBswcountlimits::cache_dir/perfquery.out");
exit 1;
}
- open PERF_QUERY, "</tmp/perfquery.out" or die "perfquery failed";
+ open PERF_QUERY, "<$IBswcountlimits::cache_dir/perfquery.out" or die "perfquery failed";
while (my $line = <PERF_QUERY>)
{
foreach my $count (@IBswcountlimits::counters)
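Review bot: `perfquery.out` in `get_new_counts` is a per-call scratch file rather than cached data, and it keeps a fixed name in a directory shared by every invocation, so two concurrent runs can overwrite or read each other's output. Capturing the output in memory removes the file: `my @perf_lines = qx(perfquery $GUID $addr $port);`, with the failure branch printing `@perf_lines` and the loop iterating over that array instead of `<PERF_QUERY>`. The loop body continues outside this hunk, so any later `close PERF_QUERY` would have to go as well. Also, `ensure_cache_dir` is called here as a bareword; if IBswcountlimits.pm exports its subs through an explicit list, the new sub has to be added to it, which this patch does not show.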
--
1.4.4
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0001-Remove-all-uses-of-tmp-from-perl-diags.txt
URL: <http://lists.openfabrics.org/pipermail/general/attachments/20070426/f7a1d112/attachment.txt>