diff options
| author | Alasdair Kergon <agk@redhat.com> | 2010-07-28 14:01:40 +0000 |
|---|---|---|
| committer | Alasdair Kergon <agk@redhat.com> | 2010-07-28 14:01:40 +0000 |
| commit | 798ffad9a9dcd3b68244eb491fdac846faaa9138 (patch) | |
| tree | 659c086a7f5db1d6f3700e0f5dd93e5eb01bcaf1 | |
| parent | fb3b7f2274dae6d8e5f9ad5c001bca233fd4969a (diff) | |
| download | lvm2-798ffad9a9dcd3b68244eb491fdac846faaa9138.tar.gz | |
Never use clvmd singlenode unless explicitly requested with -Isinglenode.v2_02_72old-v2_02_72
| -rw-r--r-- | WHATS_NEW | 1 | ||||
| -rw-r--r-- | daemons/clvmd/clvmd-singlenode.c | 29 | ||||
| -rw-r--r-- | daemons/clvmd/clvmd.c | 2 |
3 files changed, 24 insertions, 8 deletions
@@ -3,6 +3,7 @@ Version 2.02.72 - 28th July 2010 [CVE-2010-2526] Change clvmd to communicate with lvm2 via a socket in /var/run/lvm. Return controlled error if clvmd is run by non-root user. Add configure --default-run-dir for /var/run/lvm. + Never use clvmd singlenode unless explicitly requested with -Isinglenode. Version 2.02.71 - 28th July 2010 ================================ diff --git a/daemons/clvmd/clvmd-singlenode.c b/daemons/clvmd/clvmd-singlenode.c index ec98f2cbf..4393a2e4b 100644 --- a/daemons/clvmd/clvmd-singlenode.c +++ b/daemons/clvmd/clvmd-singlenode.c @@ -26,17 +26,29 @@ #include <sys/socket.h> #include <fcntl.h> -static const char SINGLENODE_CLVMD_SOCKNAME[] = "\0singlenode_clvmd"; +static const char SINGLENODE_CLVMD_SOCKNAME[] = DEFAULT_RUN_DIR "/clvmd_singlenode.sock"; static int listen_fd = -1; +static void close_comms() +{ + if (listen_fd != -1 && close(listen_fd)) + stack; + (void)unlink(SINGLENODE_CLVMD_SOCKNAME); + listen_fd = -1; +} + static int init_comms() { struct sockaddr_un addr; + mode_t old_mask; + + close_comms(); + old_mask = umask(0077); listen_fd = socket(PF_UNIX, SOCK_STREAM, 0); if (listen_fd < 0) { DEBUGLOG("Can't create local socket: %s\n", strerror(errno)); - return -1; + goto error; } /* Set Close-on-exec */ fcntl(listen_fd, F_SETFD, 1); @@ -48,16 +60,19 @@ static int init_comms() if (bind(listen_fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { DEBUGLOG("Can't bind local socket: %s\n", strerror(errno)); - close(listen_fd); - return -1; + goto error; } if (listen(listen_fd, 10) < 0) { DEBUGLOG("Can't listen local socket: %s\n", strerror(errno)); - close(listen_fd); - return -1; + goto error; } + umask(old_mask); return 0; +error: + umask(old_mask); + close_comms(); + return -1; } static int _init_cluster(void) @@ -74,7 +89,7 @@ static int _init_cluster(void) static void _cluster_closedown(void) { - close(listen_fd); + close_comms(); DEBUGLOG("cluster_closedown\n"); destroy_lvhash(); diff --git a/daemons/clvmd/clvmd.c b/daemons/clvmd/clvmd.c index 2365a3310..9554eea25 100644 --- a/daemons/clvmd/clvmd.c +++ b/daemons/clvmd/clvmd.c @@ -479,7 +479,7 @@ int main(int argc, char *argv[]) #endif #ifdef USE_SINGLENODE if (!clops) - if ((cluster_iface == IF_AUTO || cluster_iface == IF_SINGLENODE) && (clops = init_singlenode_cluster())) { + if (cluster_iface == IF_SINGLENODE && (clops = init_singlenode_cluster())) { max_csid_len = SINGLENODE_CSID_LEN; max_cluster_message = SINGLENODE_MAX_CLUSTER_MESSAGE; max_cluster_member_name_len = MAX_CLUSTER_MEMBER_NAME_LEN; |