Re: An attempt to thwart G_LOG corruption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Aug 22, 2015 at 07:16:31PM +0200, Emmanuel Dreyfus wrote:
> Hello
> 
> We have a rogue test that appends log data to an incorrect open file
> descriptors, clobebring various system and library files with logs. That
> quickly renders regression slaves unusable.
> 
> I tried an exepriment to thwart that threat: NetBSD FFS filesystem
> features an immutable flag, which tells even root cannot modify the
> file. I applied it on nbslave7[1-j]  for the following files and
> directories (and their children)
> /.cshrc /.profile /altroot /bin /boot /boot.cfg /etc /grub /lib /libdata
> /libexec /netbsd /netbsd7-XEN3PAE_DOMU /opt /rescue /root /sbin /stand
> /usr
> 
> Let me know if it is too wide and causes trouble. If anyone wants to
> experiment:
> Recursively (-R) installs the flag in /usr:
>   chflags -R uchg /usr
> Recursively remove it:
>   chflags -R nouchg /usr
> 
> We also have schg/noschg, which can be set at any time but can only be
> removed by root in a single-user shell. I ruled out this because I am
> not sure rackspace console access lets us use single user mode. 

Great idea! I was thinking of something like SElinux, but that is
obviously not available for NetBSD.

Thanks for setting this up and checking on its progress,
Niels

Attachment: pgpK_pdjx2yxK.pgp
Description: PGP signature

_______________________________________________
Gluster-devel mailing list
Gluster-devel@xxxxxxxxxxx
http://www.gluster.org/mailman/listinfo/gluster-devel

[Index of Archives]     [Gluster Users]     [Ceph Users]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux