diff --git a/WHATS_NEW b/WHATS_NEW
index f6487ff71..c279010cc 100644
--- a/WHATS_NEW
+++ b/WHATS_NEW
@@ -3,6 +3,7 @@ Version 2.02.72 - 28th July 2010 [CVE-2010-2526]
 Change clvmd to communicate with lvm2 via a socket in /var/run/lvm.
 Return controlled error if clvmd is run by non-root user.
 Add configure --default-run-dir for /var/run/lvm.
+ Never use clvmd singlenode unless explicitly requested with -Isinglenode.
 Version 2.02.71 - 28th July 2010
 ================================
diff --git a/daemons/clvmd/clvmd-singlenode.c b/daemons/clvmd/clvmd-singlenode.c
index ec98f2cbf..4393a2e4b 100644
--- a/daemons/clvmd/clvmd-singlenode.c
+++ b/daemons/clvmd/clvmd-singlenode.c
@@ -26,17 +26,29 @@
 #include
 #include
-static const char SINGLENODE_CLVMD_SOCKNAME[] = "\0singlenode_clvmd";
+static const char SINGLENODE_CLVMD_SOCKNAME[] = DEFAULT_RUN_DIR "/clvmd_singlenode.sock";
 static int listen_fd = -1;
+static void close_comms()
+{
+ if (listen_fd != -1 && close(listen_fd))
+ stack;
+ (void)unlink(SINGLENODE_CLVMD_SOCKNAME);
+ listen_fd = -1;
+}
+
 static int init_comms()
 {
 struct sockaddr_un addr;
+ mode_t old_mask;
+
+ close_comms();
+ old_mask = umask(0077);
 listen_fd = socket(PF_UNIX, SOCK_STREAM, 0);
 if (listen_fd < 0) {
 DEBUGLOG("Can't create local socket: %s\n", strerror(errno));
- return -1;
+ goto error;
 }
 /* Set Close-on-exec */
 fcntl(listen_fd, F_SETFD, 1);
@@ -48,16 +60,19 @@ static int init_comms()
 if (bind(listen_fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
 DEBUGLOG("Can't bind local socket: %s\n", strerror(errno));
- close(listen_fd);
- return -1;
+ goto error;
 }
 if (listen(listen_fd, 10) < 0) {
 DEBUGLOG("Can't listen local socket: %s\n", strerror(errno));
- close(listen_fd);
- return -1;
+ goto error;
 }
+ umask(old_mask);
 return 0;
+error:
+ umask(old_mask);
+ close_comms();
+ return -1;
 }
 static int _init_cluster(void)
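Review bot: `close_comms()` unlinks `SINGLENODE_CLVMD_SOCKNAME` unconditionally, and `init_comms()` calls it before `socket()`, so unless something outside this diff prevents a second instance, starting another singlenode clvmd removes the socket file a running daemon is still listening on. The `error:` path in the next hunk has the same effect when `bind()` fails, because it unlinks a path this process never created. If single-instance startup is already guaranteed elsewhere, record that above the unlink, e.g. `/* safe: only one clvmd reaches this point (see <lock site>); removes a stale socket left by a previous run */`. Otherwise remember whether this process bound the path and unlink on close only when it did, keeping the stale-socket removal in `init_comms()` as its own commented step. `init_comms()` continues outside this hunk.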
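Review bot: The `bind()` at the top of the second `init_comms()` hunk uses an address that is filled in between the two hunks, which this diff does not show, and the name it carries is now `DEFAULT_RUN_DIR "/clvmd_singlenode.sock"`, whose length depends on a configure-time directory. If that setup copies the name using its own `sizeof`, a long run directory would write past `addr.sun_path`. A guard placed after the `umask(0077)` call and before the copy makes the limit explicit: `if (sizeof(SINGLENODE_CLVMD_SOCKNAME) > sizeof(addr.sun_path)) goto error;`. The function starts outside this hunk.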
@@ -74,7 +89,7 @@ static int _init_cluster(void)
 static void _cluster_closedown(void)
 {
- close(listen_fd);
+ close_comms();
 DEBUGLOG("cluster_closedown\n");
 destroy_lvhash();
diff --git a/daemons/clvmd/clvmd.c b/daemons/clvmd/clvmd.c
index 2365a3310..9554eea25 100644
--- a/daemons/clvmd/clvmd.c
+++ b/daemons/clvmd/clvmd.c
@@ -479,7 +479,7 @@ int main(int argc, char *argv[])
 #endif
 #ifdef USE_SINGLENODE
 if (!clops)
- if ((cluster_iface == IF_AUTO || cluster_iface == IF_SINGLENODE) && (clops = init_singlenode_cluster())) {
+ if (cluster_iface == IF_SINGLENODE && (clops = init_singlenode_cluster())) {
 max_csid_len = SINGLENODE_CSID_LEN;
 max_cluster_message = SINGLENODE_MAX_CLUSTER_MESSAGE;
 max_cluster_member_name_len = MAX_CLUSTER_MEMBER_NAME_LEN;
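Review bot: The narrowed condition in `main()` carries no comment saying why `IF_AUTO` must not select singlenode, so a later cleanup could quietly restore the fallback. A line above the `if` would record the intent, e.g. `/* singlenode is never auto-selected; it must be requested with -Isinglenode */`. With `IF_AUTO` and no other interface available, `clops` now stays NULL; the handling of that case is outside this hunk, so it is worth confirming that the resulting error points the user at `-Isinglenode`. `main()` starts and ends outside the hunk.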