Andi Kleen wrote:
>
> "Martin J. Bligh" <[email protected]> writes:
> >
> > echo 0 > /proc/sys/net/ipv4/neigh/DEV/base_reachable_time
> >
> > But neigh_rand_reach_time() divide by its argument.
> >
> > unsigned long neigh_rand_reach_time(unsigned long base)
> > {
> > return (net_random() % base) + (base>>1);
> > }
>
> Don't do that then. The sysctl is root-only. There are lots of ways to
> break the system by writing bogus values into root only configuration
> options. That is why they are root only
>
> I would close the report as WONTFIX.
Don't this argument bring to the weird equality:
root user == infallible guy
IMHO the "if you make a typo you crash the machine" should be avoided
(at least when feasible without drawbacks).
--
Abramo Bagnara mailto:[email protected]
Opera Unica Phone: +39.546.656023
Via Emilia Interna, 140
48014 Castel Bolognese (RA) - Italy
On Fri, 28 Feb 2003 23:23:33 +0100
Abramo Bagnara <[email protected]> wrote:
| Andi Kleen wrote:
| >
| > "Martin J. Bligh" <[email protected]> writes:
| > >
| > > echo 0 > /proc/sys/net/ipv4/neigh/DEV/base_reachable_time
| > >
| > > But neigh_rand_reach_time() divide by its argument.
| > >
| > > unsigned long neigh_rand_reach_time(unsigned long base)
| > > {
| > > return (net_random() % base) + (base>>1);
| > > }
| >
| > Don't do that then. The sysctl is root-only. There are lots of ways to
| > break the system by writing bogus values into root only configuration
| > options. That is why they are root only
| >
| > I would close the report as WONTFIX.
|
| Don't this argument bring to the weird equality:
|
| root user == infallible guy
|
| IMHO the "if you make a typo you crash the machine" should be avoided
| (at least when feasible without drawbacks).
I agree with that.
It's worth making a patch and letting the maintainer reject it.
Of course, there are still plenty of other ways to write to /proc and kill
the system.
--
~Randy
On Fri, 2003-02-28 at 17:26, Randy.Dunlap wrote:
> I agree with that.
I agree with that, too.
It is easy, too, because the sysctl mechanism has a built-in bounds
checking function.
For the seventh parameter (the parsing mechanism) you can specify
something like proc_dointvec_minmax and then the last parameters can be
&one and NULL. This forces the minimum value to be one.
So its trivial and built-in. While root should be able to wreck the
system, he should at least have a chance in hell of knowing he is doing
so. Zero may seem to be a legitimate value here...
Robert Love