2003-02-28 22:13:27

by Abramo Bagnara

Subject: Re: [Bug 420] New: Divide by zero (/proc/sys/net/ipv4/neigh/DEV/base_reachable_time)

Andi Kleen wrote:
>
> "Martin J. Bligh" <[email protected]> writes:
> >
> > echo 0 > /proc/sys/net/ipv4/neigh/DEV/base_reachable_time
> >
> > But neigh_rand_reach_time() divides by its argument.
> >
> > unsigned long neigh_rand_reach_time(unsigned long base)
> > {
> > return (net_random() % base) + (base>>1);
> > }
>
> Don't do that then. The sysctl is root-only. There are lots of ways to
> break the system by writing bogus values into root only configuration
> options. That is why they are root only.
>
> I would close the report as WONTFIX.

Doesn't this argument lead to the weird equality:

root user == infallible guy

IMHO the "if you make a typo you crash the machine" should be avoided
(at least when feasible without drawbacks).

--
Abramo Bagnara mailto:[email protected]

Opera Unica Phone: +39.546.656023
Via Emilia Interna, 140
48014 Castel Bolognese (RA) - Italy


2003-02-28 22:20:58

by Randy.Dunlap

Subject: Re: [Bug 420] New: Divide by zero (/proc/sys/net/ipv4/neigh/DEV/base_reachable_time)

On Fri, 28 Feb 2003 23:23:33 +0100
Abramo Bagnara <[email protected]> wrote:

| Andi Kleen wrote:
| >
| > "Martin J. Bligh" <[email protected]> writes:
| > >
| > > echo 0 > /proc/sys/net/ipv4/neigh/DEV/base_reachable_time
| > >
| > > But neigh_rand_reach_time() divides by its argument.
| > >
| > > unsigned long neigh_rand_reach_time(unsigned long base)
| > > {
| > > return (net_random() % base) + (base>>1);
| > > }
| >
| > Don't do that then. The sysctl is root-only. There are lots of ways to
| > break the system by writing bogus values into root only configuration
| > options. That is why they are root only.
| >
| > I would close the report as WONTFIX.
|
| Doesn't this argument lead to the weird equality:
|
| root user == infallible guy
|
| IMHO the "if you make a typo you crash the machine" should be avoided
| (at least when feasible without drawbacks).

I agree with that.
It's worth making a patch and letting the maintainer reject it.

Of course, there are still plenty of other ways to write to /proc and kill
the system.

--
~Randy

2003-02-28 22:27:30

by Robert Love

Subject: Re: [Bug 420] New: Divide by zero (/proc/sys/net/ipv4/neigh/DEV/base_reachable_time)

On Fri, 2003-02-28 at 17:26, Randy.Dunlap wrote:

> I agree with that.

I agree with that, too.

It is easy, too, because the sysctl mechanism has a built-in bounds
checking function.

For the seventh parameter (the parsing mechanism) you can specify
something like proc_dointvec_minmax and then the last parameters can be
&one and NULL. This forces the minimum value to be one.

So it's trivial and built-in. While root should be able to wreck the
system, he should at least have a chance in hell of knowing he is doing
so. Zero may seem to be a legitimate value here...

Robert Love
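
Added example, not part of the original thread and not kernel code: a userspace C model of the minimum-of-one bounds check described in the message above, placed in front of the modulo from the quoted neigh_rand_reach_time(). Assumptions: bounded_store() is a hypothetical stand-in for a proc_dointvec_minmax-style handler, modelled as rejecting out-of-range writes with -EINVAL and leaving the stored value unchanged; the rnd parameter replaces net_random(); the written strings are constructed.

```c
/* Userspace model (added example, not kernel code) of a bounds-checked
 * sysctl write guarding the modulo in neigh_rand_reach_time(). */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

static int one = 1; /* lower bound, the "&one" from the message */

/* Hypothetical stand-in for a proc_dointvec_minmax-style handler:
 * parse an integer, reject it if outside [*min, *max] (NULL = no bound),
 * and leave *dst untouched on any failure. */
static int bounded_store(int *dst, const char *buf, const int *min, const int *max)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(buf, &end, 10);
    if (end == buf || errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return -EINVAL;            /* not a number, or does not fit an int */
    if (*end != '\0' && *end != '\n')
        return -EINVAL;            /* trailing garbage */
    if ((min && v < *min) || (max && v > *max))
        return -EINVAL;            /* out of bounds: "0" stops here */
    *dst = (int)v;
    return 0;
}

/* Same arithmetic as the function quoted in the thread; rnd replaces
 * net_random(). Only safe while base != 0. */
static unsigned long rand_reach_time(unsigned long rnd, unsigned long base)
{
    return (rnd % base) + (base >> 1);
}

int main(void)
{
    int base = 30; /* constructed starting value */
    const char *writes[] = { "0\n", "-5\n", "abc\n", "60\n" }; /* constructed */

    for (size_t i = 0; i < sizeof(writes) / sizeof(writes[0]); i++) {
        int rc = bounded_store(&base, writes[i], &one, NULL);
        printf("rc=%d base=%d reach=%lu\n", rc, base,
               rand_reach_time(12345UL, (unsigned long)base));
    }
    return 0;
}
```

Because the rejected writes never reach the stored value, the divisor seen by the modulo stays at the last accepted setting.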