[ofa-general] Re: [PATCH] infiniband-diags: terminate perl scripts with error if not authorized

Hal Rosenstock hrosenstock at xsigo.com
Fri May 30 05:56:13 PDT 2008


On Sun, 2008-05-25 at 22:14 +0300, Sasha Khapyorsky wrote:
> Hi Tim,
> 
> On 09:04 Fri 23 May     , Timothy A. Meier wrote:
> >  
> > +# =========================================================================
> > +#  only authorized if uid is root, or matches umad ownership
> > +#
> > +sub auth_check
> > +{
> > +	my $file = "/dev/infiniband/umad0";
> 
> How would we know that it is "/dev/infiniband/umad0" and not another
> device (when first port in not connected, or if -C and/or -P options are
> used, or if udev is configured to put the entries in another place)?
> 
> Really I don't see an easy (without reimplementing most of libibumad
> device resolution functionality via sysfs in perl scripts) way to detect
> device reliably.

How about having a library function return the umad mapping so this
doesn't need to be reimplemented ?

-- Hal

> > +	my $uid = (stat $file)[4];
> > +	my $gid = (stat $file)[5];
> > +	if (($> != $uid) && ($> != $gid) && ($> != 0)){
> 
> The requirement here is not really ownership, but rather that the file
> is readable and writable by user which runs script. Right?
> 
> Sasha
> _______________________________________________
> general mailing list
> general at lists.openfabrics.org
> http://lists.openfabrics.org/cgi-bin/mailman/listinfo/general
> 
> To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general




More information about the general mailing list