[ovs-dev,1/3] bridge: Do not add bridges with '/' in name.

Message ID	20160203223800.GL28200@ovn.org
State	Not Applicable
Headers	show Return-Path: <dev-bounces@openvswitch.org> Received-SPF: pass (mx1-pf2.cudamail.com: SPF record at ovn.org designates 217.70.183.196 as permitted sender) sender: blp@ovn.org) by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id AA4B81720BE; Wed, 3 Feb 2016 23:38:03 +0100 (CET) Date: Wed, 3 Feb 2016 14:38:00 -0800 From: Ben Pfaff <blp@ovn.org> To: Daniele Di Proietto <diproiettod@vmware.com> Message-ID: <20160203223800.GL28200@ovn.org> bridge: Do not add bridges with '/' in name. References: <1454464596-11261-1-git-send-email-diproiettod@vmware.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <1454464596-11261-1-git-send-email-diproiettod@vmware.com> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: dev@openvswitch.org Subject: Re: [ovs-dev] [PATCH 1/3] bridge: Do not add bridges with '/' in name. Precedence: list Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: dev-bounces@openvswitch.org Sender: "dev" <dev-bounces@openvswitch.org>

Message ID

20160203223800.GL28200@ovn.org

State

Not Applicable

Headers

Received-SPF: pass (mx1-pf2.cudamail.com: SPF record at ovn.org designates
	217.70.183.196 as permitted sender)
Date: Wed, 3 Feb 2016 14:38:00 -0800
From: Ben Pfaff <blp@ovn.org>
To: Daniele Di Proietto <diproiettod@vmware.com>
Message-ID: <20160203223800.GL28200@ovn.org>
References: <1454464596-11261-1-git-send-email-diproiettod@vmware.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1454464596-11261-1-git-send-email-diproiettod@vmware.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Cc: dev@openvswitch.org
Subject: Re: [ovs-dev] [PATCH 1/3] bridge: Do not add bridges with '/' in
	name.
Precedence: list
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: dev-bounces@openvswitch.org
Sender: "dev" <dev-bounces@openvswitch.org>

Commit Message

Ben Pfaff Feb. 3, 2016, 10:38 p.m. UTC

On Tue, Feb 02, 2016 at 05:56:34PM -0800, Daniele Di Proietto wrote:
> This effectively stops vswitchd from creating bridges with '/' in the
> name. OVS used to print a warning but the bridge was created anyway.
> 
> This restriction is implemented because the bridge name is part of a
> filesystem path.
> 
> This check is no substitute for Mandatory Access Control, but it
> certainly helps to catch the error early.
> 
> Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>

Please add a test.  You can take this one:

Comments

Ben Pfaff Feb. 3, 2016, 10:39 p.m. UTC | #1

On Wed, Feb 03, 2016 at 02:38:00PM -0800, Ben Pfaff wrote:
> On Tue, Feb 02, 2016 at 05:56:34PM -0800, Daniele Di Proietto wrote:
> > This effectively stops vswitchd from creating bridges with '/' in the
> > name. OVS used to print a warning but the bridge was created anyway.
> > 
> > This restriction is implemented because the bridge name is part of a
> > filesystem path.
> > 
> > This check is no substitute for Mandatory Access Control, but it
> > certainly helps to catch the error early.
> > 
> > Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
> 
> Please add a test.  You can take this one:

Oh, with a test:
Acked-by: Ben Pfaff <blp@ovn.org>

Daniele Di Proietto Feb. 4, 2016, 3:23 a.m. UTC | #2

On 03/02/2016 14:39, "Ben Pfaff" <blp@ovn.org> wrote:

>On Wed, Feb 03, 2016 at 02:38:00PM -0800, Ben Pfaff wrote:
>> On Tue, Feb 02, 2016 at 05:56:34PM -0800, Daniele Di Proietto wrote:
>> > This effectively stops vswitchd from creating bridges with '/' in the
>> > name. OVS used to print a warning but the bridge was created anyway.
>> > 
>> > This restriction is implemented because the bridge name is part of a
>> > filesystem path.
>> > 
>> > This check is no substitute for Mandatory Access Control, but it
>> > certainly helps to catch the error early.
>> > 
>> > Signed-off-by: Daniele Di Proietto <diproiettod@vmware.com>
>> 
>> Please add a test.  You can take this one:
>
>Oh, with a test:
>Acked-by: Ben Pfaff <blp@ovn.org>

I didn't think it was possible to write a unit test for this. I added it
and push this up to branch-2.3.

Thanks!

diff --git a/tests/ovs-vswitchd.at b/tests/ovs-vswitchd.at
index 4245fc4..848daa3 100644
--- a/tests/ovs-vswitchd.at
+++ b/tests/ovs-vswitchd.at
@@ -187,3 +187,33 @@  AT_CHECK([ovs-appctl dpif/show | tail -n +3], [0], [dnl
 ])
 OVS_VSWITCHD_STOP
 AT_CLEANUP
+
+dnl ----------------------------------------------------------------------
+AT_SETUP([ovs-vswitchd - do not create sockets with unsafe names])
+OVS_VSWITCHD_START
+
+# On Unix systems, test for sockets with "test -S".
+#
+# On Windows systems, we simulate a socket with a regular file that contains
+# a TCP port number, so use "test -f" there instead.
+if test $IS_WIN32 = yes; then
+   S=f
+else
+   S=S
+fi
+
+# Create a bridge with an ordinary name and make sure that the management
+# socket gets creatd.
+AT_CHECK([ovs-vsctl add-br a -- set bridge a datapath-type=dummy])
+AT_CHECK([test -$S a.mgmt])
+
+# Create a bridge with an unsafe name and make sure that the management
+# socket does not get created.
+mkdir b
+AT_CHECK([ovs-vsctl add-br b/c -- set bridge b/c datapath-type=dummy], [0],
+  [], [ovs-vsctl: Error detected while setting up 'b/c'.  See ovs-vswitchd log for details.
+])
+AT_CHECK([test ! -e b/c.mgmt])
+
+OVS_VSWITCHD_STOP(['/ignoring bridge with invalid name/d'])
+AT_CLEANUP

[ovs-dev,1/3] bridge: Do not add bridges with '/' in name.

Commit Message

Comments

Patch