On 09/25/2017 07:50 PM, NeilBrown wrote:
On Mon, Sep 25 2017, John Stoffel wrote:
I haven't looked, but shouldn't the path for modprobe be hardcoded
here to /sbin/modprobe? Or the PATH sanitized so that random people
can't put something into the system PATH and cause problems?
That issue briefly crossed my mind as I wrote the code (is it OK to use
system()? should I use /sbin/modprobe or just modprobe?) but as mdadm is
not set-uid and cannot be run in an environment created by a
non-privileged user, there is no security risk.
Certainly a careless sysadmin might set path wrongs, but the most likely
wrong outcome is that modprobe won't be found, and there is very little
cost to that.
So thanks for asking, but I don't think there is any need for any extra
care, in which case "simplest is best".
I completely agree, I also think we shouldn't hardcode imposed layouts
unless there are very strong reasons for it. Someone may want to put
this into an initramfs or somewhere else and want to put it in a
different location.
Cheers,
Jes
--
To unsubscribe from this list: send the line "unsubscribe linux-raid" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
