
Re: PVM on debian-mips



On Thu, Feb 07, 2002 at 09:07:50PM -0800, Martin Quinson wrote:
> I've no idea if this would test, but you may be interested in some version
> I've done of the last upstream version of pvm. I speak about them with the
> maintainer, and he never gave me his advice about them. 

   I think (without consulting my mail archives) that I did (to someone
anyway).  It's my opinion that it is impossible to secure access to pvmd's
using the rendezvous points in upstream pvm.  For years now Debian's pvm has
used /tmp/pvm.uid/* instead of bare files in /tmp.  Upstream 3.4.3 added
some checking code, going from a wide open security hole to I believe a
race.  I'm not a /tmp-file expert, so if someone who is can verify this I'd
appreciate it.  The files must be perfectly predictable, as the completely
separate libpvm application code and the pvmd must both find the same files. 
Given this constraint, I don't believe that it is possible to put those files
safely in /tmp, at best you can get a security race (which pvm now gets,
before it was just wide open).  I instead create a directory (or check its
ownership), and then put the rendezvous sockets and logfiles in that
subdirectory.  This means Debian binaries (linked against our libpvm.so)
won't run on other Linuxes (where they have no libpvm.so), and linked
against libpvm.a we also aren't portable either way (different rendezvous
locations).
   As upstream is modifying the same code I did, it's a messy, time
consuming forward port.  I'd much rather convince upstream to do it and
never have to repeat the exercise.  :) Most of 3.4.3 was either a
reimplementation of our security fix, or some of the same architecture
support also in Debian's 3.4.2.  Upstream PVM is very nearly frozen (it's a
done project).
   If some security expert can confirm this I'll forward the discussion
upstream, and maybe they'll do the work.  I wasn't convincing last time I
tried (they concluded that moving the rendezvous sockets was unnecessary).
OTOH, if you can convince me that they *are* safe, it'll be pretty trivial to
dump my alternate /tmp/dir/ code (nicely bracketed in #define SAFE_TMPDIR or
something like that).

> 
> Note that they are only roughly tested. They work for me (tm). Note also
> that I have no access to a mips hardware, so you gonna have to recompile
> them yourself.
> 

   Me neither - that's capable of running Linux anyway.  Lots of old SGIs
floating around, but Irix only, where PVM does work.  I'd be very surprised
if the new upstream PVM has better mips support than what we have, as (I
think) their LINUXMIPS support came via us anyway.

-Drake (Debian pvm maintainer)


