[Cluster-devel] [PATCHv2 6/6] rgmanager: ra2rng.xsl: script-file: try to prevent cluster's services

cluster-devel.redhat.com archive mirror
 help / color / mirror / Atom feed

From: Jan Pokorný <jpokorny@redhat.com>
To: cluster-devel.redhat.com
Subject: [Cluster-devel] [PATCHv2 6/6] rgmanager: ra2rng.xsl: script-file: try to prevent cluster's services
Date: Wed,  4 Dec 2013 14:50:12 +0100	[thread overview]
Message-ID: <1386165012-27413-1-git-send-email-jpokorny@redhat.com> (raw)
In-Reply-To: <1386095178-23404-8-git-send-email-jpokorny@redhat.com>

Note that, AFAIK, "file" parameter to "script" can be arbitrary string
with a logical limitation to be something (builtins, aliases, etc. not
excluded) that will run when pasted verbatim to the bash prompt (with
no quotes added) followed by the desired action and fired up.
Hence any leading/trailing whitespace really does not matter.
The restriction being added reflects this automatically by using "token"
datatype, but unfortunately libxml2 currently contains a bug leading
to not dropping such whitespace correctly before applying additional
facet checking (here: pattern) [1].  Until libxml2 is fixed,
the restriction will miss cases where "file" starts/ends with
balast whitespace.

Also note that this restriction can be easily bypassed by, e.g., using
":; /etc/init.d/cman", but it's purpose is to prevent from random
mis-writing "cman" instead of the desired service.

And finally, as pointed out by Fabio, there can be (highly experimental)
cases when cluster/rgmanager actively manages cluster's own auxiliary
management services like ricci and/or modclusterd (note that standard
management tools like ccs and luci would then be likely unusable and
one would have to deal with, e.g., configuration updates manually in
a low-level way given that also "cman_tool version -r" would be
unusable).

[1] https://mail.gnome.org/archives/xml/2013-November/msg00024.html

Signed-off-by: Jan Pokorn? <jpokorny@redhat.com>
---
 rgmanager/src/resources/ra2rng.xsl | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/rgmanager/src/resources/ra2rng.xsl b/rgmanager/src/resources/ra2rng.xsl
index b4944e7..e64ac06 100644
--- a/rgmanager/src/resources/ra2rng.xsl
+++ b/rgmanager/src/resources/ra2rng.xsl
@@ -71,6 +71,19 @@

 <int:agent-parameter-specialization>
     <!-- int:agent @name="..." > int:parameter @name="..." > PATTERN -->
+    <!-- SCRIPT -->
+    <int:agent name="script">
+        <int:parameter name="file">
+            <data type="token">
+                <except>
+                    <data type="token">
+                        <!-- disallow cluster to control its own core services through a "script" RA -->
+                        <param name="pattern">/etc/(rc\.d/)?init\.d/(cman|rgmanager)(\s.*|)</param>
+                    </data>
+                </except>
+            </data>
+        </int:parameter>
+    </int:agent>
 </int:agent-parameter-specialization>

 <xsl:variable name="SP" select="' '"/>
-- 
1.8.1.4

next prev parent reply	other threads:[~2013-12-04 13:50 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-12-03 18:26 [Cluster-devel] [resource-agents][PATCH 0/6] rgmanager: ra2rng.xsl: build up param datatyping infra Jan Pokorný
2013-12-03 18:26 ` [Cluster-devel] [PATCH 1/6] rgmanager: ra2rng.xsl: extend infrastructure for XML Jan Pokorný
2013-12-03 18:26 ` [Cluster-devel] [PATCH 2/6] rgmanager: ra2rng.xsl: make common params reuse XML pretty-print Jan Pokorný
2013-12-03 18:26 ` [Cluster-devel] [PATCH 3/6] rgmanager: ra2rng.xsl: common params: prevent misleading combination Jan Pokorný
2013-12-03 18:26 ` [Cluster-devel] [PATCH 4/6] rgmanager: ra2rng.xsl: control flow branches common business merge Jan Pokorný
2013-12-09 14:14   ` [Cluster-devel] [PATCHv2 " Jan Pokorný
2013-12-03 18:26 ` [Cluster-devel] [PATCH 5/6] rgmanager: ra2rng.xsl: infra for param value datatyping/restriction Jan Pokorný
2013-12-09 14:15   ` [Cluster-devel] [PATCHv2 " Jan Pokorný
2013-12-03 18:26 ` [Cluster-devel] [PATCH 6/6] gmanager: ra2rng.xsl: script-file: try to prevent cluster's services Jan Pokorný
2013-12-03 18:31   ` Jan Pokorný
2013-12-03 18:26 ` [Cluster-devel] [PATCH 6/6] rgmanager: " Jan Pokorný
2013-12-04 13:50   ` Jan Pokorný [this message]
2013-12-09 14:16     ` [Cluster-devel] [PATCHv3 " Jan Pokorný
2013-12-05 17:13 ` [Cluster-devel] [PATCHv2 3/6] rgmanager: ra2rng.xsl: common params: prevent misleading combination Jan Pokorný
2013-12-09 14:12   ` [Cluster-devel] [PATCHv3 " Jan Pokorný

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b4944e7 dfblob:e64ac06 )
 OR (
bs:"[Cluster-devel] [PATCHv2 6/6] rgmanager: ra2rng.xsl: script-file: try to prevent cluster's services" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1386165012-27413-1-git-send-email-jpokorny@redhat.com \
    --to=jpokorny@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).