[PATCH] open-iscsi:Modify iSCSI shared memory permissions for logs


Wu Bo

Apr 17, 2020, 5:08:57 AM
to Lee Duncan, Chris Leech, Mike Christie, open-...@googlegroups.com, liuzhi...@huawei.com, linfe...@huawei.com
Hi,

Iscsid log daemon is responsible for reading data from shared memory
and writing syslog. Iscsid is the root user group.
Currently, it is not seen that non-root users need to read logs.
The principle of minimizing the use of permissions, all the permissions
are changed from 644 to 600.

Signed-off-by: Wu Bo <wub...@huawei.com>
---
usr/log.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/usr/log.c b/usr/log.c
index 6e16e7c..2fc1850 100644
--- a/usr/log.c
+++ b/usr/log.c
@@ -73,7 +73,7 @@ static int logarea_init (int size)
logdbg(stderr,"enter logarea_init\n");

if ((shmid = shmget(IPC_PRIVATE, sizeof(struct logarea),
- 0644 | IPC_CREAT | IPC_EXCL)) == -1) {
+ 0600 | IPC_CREAT | IPC_EXCL)) == -1) {
syslog(LOG_ERR, "shmget logarea failed %d", errno);
return 1;
}
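Review bot: the mode literal 0600 in this shmget() call is repeated verbatim in the two later shmget() calls in logarea_init(), so any future change has to touch three places. Consider a single define near the top of usr/log.c (or in its header), used in all three calls, with a one-line comment saying the log segments are meant to be readable and writable by the owner only.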
@@ -93,7 +93,7 @@ static int logarea_init (int size)
size = DEFAULT_AREA_SIZE;

if ((shmid = shmget(IPC_PRIVATE, size,
- 0644 | IPC_CREAT | IPC_EXCL)) == -1) {
+ 0600 | IPC_CREAT | IPC_EXCL)) == -1) {
syslog(LOG_ERR, "shmget msg failed %d", errno);
free_logarea();
return 1;
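Review bot: with 0600 on this segment only the owning uid (or a process with CAP_IPC_OWNER) can attach it, so the commit message should state positively that every process attaching the log segments runs as the same user as the creator, instead of "it is not seen that non-root users need to read logs". If that holds, nothing else is needed here; if any reader runs under a different uid, its attach will start failing with EACCES.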
@@ -114,7 +114,7 @@ static int logarea_init (int size)
la->tail = la->start;

if ((shmid = shmget(IPC_PRIVATE, MAX_MSG_SIZE + sizeof(struct
logmsg),
- 0644 | IPC_CREAT | IPC_EXCL)) == -1) {
+ 0600 | IPC_CREAT | IPC_EXCL)) == -1) {
syslog(LOG_ERR, "shmget logmsg failed %d", errno);
free_logarea();
return 1;
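Review bot: the context line above the changed line in this hunk is split in two ("sizeof(struct" / "logmsg),"), which suggests the mail client wrapped the patch, and a wrapped context line will not match usr/log.c when applying with git am. Resend with git send-email, or submit it as a pull request, so the hunk matches the file byte for byte.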
--
1.8.3.1


The Lee-Man

Apr 19, 2020, 1:39:47 PM
to open-iscsi
On Friday, April 17, 2020 at 2:08:57 AM UTC-7, Wu Bo wrote:
> Hi,
>
> Iscsid log daemon is responsible for reading data from shared memory
> and writing syslog. Iscsid is the root user group.
> Currently, it is not seen that non-root users need to read logs.
> The principle of minimizing the use of permissions, all the permissions
> are changed from 644 to 600.
>
> Signed-off-by: Wu Bo ...

This looks good to me. Any chance you can make this a pull request for open-iscsi/open-iscsi on github?

Wu Bo

Apr 19, 2020, 10:13:10 PM
to open-...@googlegroups.com
> --

OK, I will submit a pull request for open-iscsi/open-iscsi on github.

Thanks
Wu Bo


Ulrich Windl

Apr 20, 2020, 8:08:36 AM
to Lee Duncan, open-iscsi, liuzhi...@huawei.com
Hi!

Maybe this could be made a symbolic constant, or even be made configurable.
The other interesting thing is that there are three seemingly very similar code fragments to create the shared memory, but each with a different size parameter (sizeof(struct logarea) vs. size vs. MAX_MSG_SIZE + sizeof(struct logmsg)) ;-)

Regards,
Ulrich

>>> Wu Bo <wub...@huawei.com> wrote on 17.04.2020 at 11:08 in message
<6355_1587114536_5E997228_6355_294_1_d6a22a2f-3730-45ee-5256-8a8fe4b017bf@huawei
com>:
> Hi,
>
> Iscsid log daemon is responsible for reading data from shared memory
> and writing syslog. Iscsid is the root user group.
> Currently, it is not seen that non-root users need to read logs.
> The principle of minimizing the use of permissions, all the permissions
> are changed from 644 to 600.
>
> Signed-off-by: Wu Bo <wub...@huawei.com>




The Lee-Man

Apr 21, 2020, 2:27:49 PM
to open-iscsi
On Monday, April 20, 2020 at 5:08:36 AM UTC-7, Uli wrote:
> Hi!
>
> Maybe this could be made a symbolic constant, or even be made configurable.
> The other interesting thing is that there are three seemingly very similar code fragments to create the shared memory, but each with a different size parameter (sizeof(struct logarea) vs. size vs. MAX_MSG_SIZE + sizeof(struct logmsg)) ;-)

If you'd like to submit a pull request, I'll consider it. I don't think the symbolic constant and machinery around making the permission configurable are worth the trouble, since they shouldn't be changed. But I could see making this permission a define in an include file, perhaps with an "ifndef" around it. :)

As far as automating the shared memory creation for just 3 cases is not worth it, particularly since we're filling in info about the 2nd and 3rd segment into our control structure, as we go.

I merge this pull request.
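
Added example, not part of the thread or of open-iscsi's code: a check that a System V segment created with the patch's 0600 mode carries no group or other permission bits, next to the old 0644 mode for comparison. The define wrapped in `#ifndef` follows the suggestion in the last reply; `LOG_SHM_MODE` and the helper names are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>

#ifndef LOG_SHM_MODE
#define LOG_SHM_MODE 0600	/* hypothetical name: owner read/write only */
#endif

/* Create a private segment the same way the hunks do, with an explicit mode. */
static int create_log_seg(size_t size, int mode)
{
	return shmget(IPC_PRIVATE, size, mode | IPC_CREAT | IPC_EXCL);
}

/* Permission bits the kernel recorded for the segment, or -1 on error. */
static int seg_mode(int shmid)
{
	struct shmid_ds ds;

	if (shmctl(shmid, IPC_STAT, &ds) == -1)
		return -1;
	return ds.shm_perm.mode & 0777;	/* drop SHM_DEST/SHM_LOCKED flags */
}

/* 1 if no group/other bit is set, 0 if one is, -1 on error. */
static int seg_owner_only(int shmid)
{
	int mode = seg_mode(shmid);

	return mode < 0 ? -1 : (mode & 077) == 0;
}

/* Mark the segment for removal so the example leaves nothing behind. */
static int remove_seg(int shmid)
{
	return shmctl(shmid, IPC_RMID, NULL);
}

int main(void)
{
	int before = create_log_seg(4096, 0644);	/* mode before the patch */
	int after = create_log_seg(4096, LOG_SHM_MODE);	/* mode after the patch */

	if (before == -1 || after == -1)
		return 1;
	printf("0644 segment: mode %o, owner only: %d\n", seg_mode(before), seg_owner_only(before));
	printf("0600 segment: mode %o, owner only: %d\n", seg_mode(after), seg_owner_only(after));
	return remove_seg(before) | remove_seg(after);
}
```

On a running system, `ipcs -m` shows the same permission bits in its perms column.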