From: Prarit Bhargava <prarit@redhat.com>
To: Randy Dunlap <rdunlap@xenotime.net>
Cc: netdev@vger.kernel.org, davem@davemloft.net, agospoda@redhat.com,
	nhorman@redhat.com, lwoodman@redhat.com
Subject: Re: [PATCH]: Add Network Sysrq Support
Date: Tue, 21 Jun 2011 18:12:30 -0400
Message-ID: <4E01174E.2010403@redhat.com>
In-Reply-To: <20110621130929.ddd107f7.rdunlap@xenotime.net>



On 06/21/2011 04:09 PM, Randy Dunlap wrote:
>
>
>> +remote sysrq.
>> +
>> +To use this do:
>> +
>> +mount -t debugfs none /sys/kernel/debug/
>> +echo 1 > /proc/sys/kernel/sysrq
>> +echo <hex digit val> > /sys/kernel/debug/network_sysrq_magic
>> +echo 1 > /sys/kernel/debug/network_sysrq_enable
>>     
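
Review bot: the `network_sysrq_magic` step introduces `<hex digit val>` without saying that it is a secret key or how long it may be. The text should state that it takes up to 30 hex digits and should be chosen unpredictably, since the value is the only thing gating a remote sysrq. The `echo 1 > /proc/sys/kernel/sysrq` step also enables every sysrq function; the document should say whether the network path honours a narrower bitmask written there.
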
> so all of this (insecure) stuff has to be done before you suspect that
> you need it .. in case the local keyboard/console is dead.
>
>   

Randy,

Yes -- this needs to be enabled before the system is unresponsive.  I've
used it to sysrq-c systems that were reproducibly hanging in ways that
the system could not be accessed via console or keyboard.  It really is
a debug feature.

[I've also sysrq-t'd and sysrq-m'd systems as well fwiw]

>> +
>> +Then on another system you can do:
>> +
>> +ping -c 1 -p <hex digit val><hex val of sysrq> <target_system_name>
>>     
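
Review bot: the `ping -c 1 -p <hex digit val><hex val of sysrq>` line places the magic value in the ICMP echo payload, where it crosses the network unencrypted. The document should say so and advise writing a new value to `network_sysrq_magic` after each use. It would also help to state here that the pattern is limited to 32 hex digits, two of which carry the sysrq key, and that the feature is single-shot, so `network_sysrq_enable` has to be written again before the next ping.
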
> What are the <up to 30 hex digits> for?
>
>   

A secret key.  By turning this on you're leaving a system susceptible to
a panic by anyone else who decides to ping your system.  The ping
payload accepts up to a 32 digit hex number.  Two of those are needed
for the sysrq type, so that leaves 30.

I figured a 30 digit hash, with multiple enabling steps, and single-shot
mode, was good enough to alleviate any security issues anyone would have
about this code.

I'll take all of your suggestions into [v2].

Thanks for the review,

P.
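
The acceptance rule described in the reply above (secret magic, trailing sysrq byte, single-shot), sketched as an added example; it is not code from the patch or from the author. The layout of 15 magic bytes followed by one key byte, and the names `struct nsysrq_state`, `ct_equal` and `nsysrq_check`, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAGIC_LEN   15               /* 30 hex digits, the maximum named in the mail */
#define PATTERN_LEN (MAGIC_LEN + 1)  /* plus 2 hex digits (1 byte) for the sysrq key */

struct nsysrq_state {                /* hypothetical; not the patch's own structure */
    uint8_t magic[MAGIC_LEN];        /* value written to network_sysrq_magic */
    int enabled;                     /* value written to network_sysrq_enable */
};

/* Compare every byte with no early exit, so response timing does not
 * reveal how many leading bytes of a guess were correct. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Returns the sysrq key byte to act on, or -1 when the payload is rejected. */
int nsysrq_check(struct nsysrq_state *st, const uint8_t *p, size_t len)
{
    if (!st->enabled || len < PATTERN_LEN)
        return -1;                   /* not armed, or too short to hold magic + key */
    if (!ct_equal(st->magic, p, MAGIC_LEN))
        return -1;                   /* wrong magic: stay armed, do nothing */
    st->enabled = 0;                 /* single-shot: re-arm locally before next use */
    return p[MAGIC_LEN];
}

int main(void)
{
    struct nsysrq_state st = { .enabled = 1 };
    uint8_t pattern[PATTERN_LEN];

    memset(st.magic, 0xA5, MAGIC_LEN);    /* constructed sample magic */
    memset(pattern, 0xA5, MAGIC_LEN);
    pattern[MAGIC_LEN] = 't';             /* 0x74, sysrq-t */
    printf("first: %d\n", nsysrq_check(&st, pattern, sizeof(pattern)));
    printf("replay: %d\n", nsysrq_check(&st, pattern, sizeof(pattern)));
    return 0;
}
```

A replayed copy of an accepted payload is rejected because the first match clears `enabled`; a wrong guess leaves the feature armed so that stray pings cannot disarm it.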
