[ofa-general] [PATCH] infiniband-diags: terminate perl scripts with error if not root
Hal Rosenstock
hrosenstock at xsigo.com
Thu May 22 11:08:00 PDT 2008
On Thu, 2008-05-22 at 08:17 -0700, Hal Rosenstock wrote:
> Tim,
>
> On Thu, 2008-05-22 at 08:15 -0700, Timothy A. Meier wrote:
> > Sasha,
> >
> > Trivial patch to enforce root for these perl scripts. More importantly,
> > doesn't silently fail if not root, and returns an error code.
>
> Should these enforce root or be based on udev permissions for umad which
> default to root ?
>
> -- Hal
>
> > plain text document attachment (0001-infiniband-diags-terminate-perl-
> > scripts-with-error.patch)
> > >From f4058a22d31dc31f0e8ecdffcc42bff065eefcce Mon Sep 17 00:00:00 2001
> > From: Tim Meier <meier3 at llnl.gov>
> > Date: Wed, 21 May 2008 16:40:18 -0700
> > Subject: [PATCH] infiniband-diags: terminate perl scripts with error if not root
> >
> > Adds the "auth_check" routine at the beginning of each main, which
> > terminates with an error if not invoked as root.
> >
> > Signed-off-by: Tim Meier <meier3 at llnl.gov>
> > ---
> > infiniband-diags/scripts/IBswcountlimits.pm | 10 ++++++++++
> > infiniband-diags/scripts/ibfindnodesusing.pl | 1 +
> > infiniband-diags/scripts/ibidsverify.pl | 1 +
> > infiniband-diags/scripts/iblinkinfo.pl | 1 +
> > infiniband-diags/scripts/ibprintca.pl | 1 +
> > infiniband-diags/scripts/ibprintrt.pl | 1 +
> > infiniband-diags/scripts/ibprintswitch.pl | 1 +
> > infiniband-diags/scripts/ibqueryerrors.pl | 1 +
> > infiniband-diags/scripts/ibswportwatch.pl | 1 +
> > 9 files changed, 18 insertions(+), 0 deletions(-)
> >
> > diff --git a/infiniband-diags/scripts/IBswcountlimits.pm b/infiniband-diags/scripts/IBswcountlimits.pm
> > index 9bc356f..0b7563e 100755
> > --- a/infiniband-diags/scripts/IBswcountlimits.pm
> > +++ b/infiniband-diags/scripts/IBswcountlimits.pm
> > @@ -123,6 +123,16 @@ sub check_counters
> > "Total number of packets, excluding link packets, received on all VLs to the port"
> > );
> >
> > +# =========================================================================
> > +# only root is authorized, terminate with msg and err code
> > +#
> > +sub auth_check
> > +{
> > + if ( $> != 0 ) {
> > + die "Permission denied, must be root\n";
> > + }
I think all that's needed is a slightly more sophisticated auth_check
than this :-) It could easily be a follow on patch to this.
-- Hal
> > +}
> > +
> > sub check_data_counters
> > {
> > my $print_action = $_[0];
> > diff --git a/infiniband-diags/scripts/ibfindnodesusing.pl b/infiniband-diags/scripts/ibfindnodesusing.pl
> > index 1bf0987..49003af 100755
> > --- a/infiniband-diags/scripts/ibfindnodesusing.pl
> > +++ b/infiniband-diags/scripts/ibfindnodesusing.pl
> > @@ -168,6 +168,7 @@ sub compress_hostlist
> > #
> > sub main
> > {
> > + auth_check;
> > my $found_switch = undef;
> > my $cache_file = get_cache_file($ca_name, $ca_port);
> > open IBNET_TOPO, "<$cache_file" or die "Failed to open ibnet topology\n";
> > diff --git a/infiniband-diags/scripts/ibidsverify.pl b/infiniband-diags/scripts/ibidsverify.pl
> > index de78e6b..b857166 100755
> > --- a/infiniband-diags/scripts/ibidsverify.pl
> > +++ b/infiniband-diags/scripts/ibidsverify.pl
> > @@ -163,6 +163,7 @@ sub insert_portguid
> >
> > sub main
> > {
> > + auth_check;
> > if ($regenerate_map
> > || !(-f "$IBswcountlimits::cache_dir/ibnetdiscover.topology"))
> > {
> > diff --git a/infiniband-diags/scripts/iblinkinfo.pl b/infiniband-diags/scripts/iblinkinfo.pl
> > index a195474..4bb9598 100755
> > --- a/infiniband-diags/scripts/iblinkinfo.pl
> > +++ b/infiniband-diags/scripts/iblinkinfo.pl
> > @@ -98,6 +98,7 @@ my $extra_smpquery_params = get_ca_name_port_param_string($ca_name, $ca_port);
> >
> > sub main
> > {
> > + auth_check;
> > get_link_ends($regenerate_map, $ca_name, $ca_port);
> > if (defined($direct_route)) {
> > # convert DR to guid, then use original single_switch option
> > diff --git a/infiniband-diags/scripts/ibprintca.pl b/infiniband-diags/scripts/ibprintca.pl
> > index 38b4330..d5c5fba 100755
> > --- a/infiniband-diags/scripts/ibprintca.pl
> > +++ b/infiniband-diags/scripts/ibprintca.pl
> > @@ -88,6 +88,7 @@ if ($target_hca eq "") {
> > #
> > sub main
> > {
> > + auth_check;
> > my $found_hca = undef;
> > open IBNET_TOPO, "<$cache_file" or die "Failed to open ibnet topology\n";
> > my $in_hca = "no";
> > diff --git a/infiniband-diags/scripts/ibprintrt.pl b/infiniband-diags/scripts/ibprintrt.pl
> > index 86dcb64..c6070ff 100755
> > --- a/infiniband-diags/scripts/ibprintrt.pl
> > +++ b/infiniband-diags/scripts/ibprintrt.pl
> > @@ -88,6 +88,7 @@ if ($target_rt eq "") {
> > #
> > sub main
> > {
> > + auth_check;
> > my $found_rt = undef;
> > open IBNET_TOPO, "<$cache_file" or die "Failed to open ibnet topology\n";
> > my $in_rt = "no";
> > diff --git a/infiniband-diags/scripts/ibprintswitch.pl b/infiniband-diags/scripts/ibprintswitch.pl
> > index 6712201..41a5131 100755
> > --- a/infiniband-diags/scripts/ibprintswitch.pl
> > +++ b/infiniband-diags/scripts/ibprintswitch.pl
> > @@ -87,6 +87,7 @@ if ($target_switch eq "") {
> > #
> > sub main
> > {
> > + auth_check;
> > my $found_switch = undef;
> > open IBNET_TOPO, "<$cache_file" or die "Failed to open ibnet topology\n";
> > my $in_switch = "no";
> > diff --git a/infiniband-diags/scripts/ibqueryerrors.pl b/infiniband-diags/scripts/ibqueryerrors.pl
> > index c807c02..3330687 100755
> > --- a/infiniband-diags/scripts/ibqueryerrors.pl
> > +++ b/infiniband-diags/scripts/ibqueryerrors.pl
> > @@ -185,6 +185,7 @@ $cache_file = get_cache_file($ca_name, $ca_port);
> >
> > sub main
> > {
> > + auth_check;
> > if (@IBswcountlimits::suppress_errors) {
> > my $msg = join(",", @IBswcountlimits::suppress_errors);
> > print "Suppressing: $msg\n";
> > diff --git a/infiniband-diags/scripts/ibswportwatch.pl b/infiniband-diags/scripts/ibswportwatch.pl
> > index 6d6ba1c..76398fa 100755
> > --- a/infiniband-diags/scripts/ibswportwatch.pl
> > +++ b/infiniband-diags/scripts/ibswportwatch.pl
> > @@ -157,6 +157,7 @@ my $sw_port = $ARGV[1];
> >
> > sub main
> > {
> > + auth_check;
> > clear_counters;
> > get_new_counts($sw_addr, $sw_port);
> > while ($cycle != 0) {
> > _______________________________________________
> > general mailing list
> > general at lists.openfabrics.org
> > http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general
> >
> > To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
>
> _______________________________________________
> general mailing list
> general at lists.openfabrics.org
> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general
>
> To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
More information about the general
mailing list