Mailing List Archive

On Fri, Mar 20, 2015 at 04:45:11PM +0800, Antonio Borneo wrote:
> > open("/dev/net/tun", O_RDWR|O_CREAT, 0666) = 3
> Agree that what you found is bad.
> In vpnc code, file
> http://svn.unix-ag.uni-kl.de/vpnc/trunk/sysdep.c
> at line 439, there is
> if ((fd = open("/dev/net/tun", O_RDWR)) < 0) {
> that is correct. So the problem is somewhere else.

indeed, it is in /usr/share/vpnc-scripts/vpnc-script as the strace shows that
this cloned/execed process issues the open(). it seems to be line 596:

if (exec 6<> /dev/net/tun) > /dev/null 2>&1 ; then

which creates the file as a regular file if not existing.

regards,

--
M. Dietrich
_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

On Fri, Mar 20, 2015 at 10:46 PM, M. Dietrich <mdt@emdete.de> wrote:
<...>
> indeed, it is in /usr/share/vpnc-scripts/vpnc-script as the strace shows that
> this cloned/execed process issues the open(). it seems to be line 596:
>
> if (exec 6<> /dev/net/tun) > /dev/null 2>&1 ; then
>
> which creates the file as a regular file if not existing.

Agree!

Could you please test the patch 0001-* in attachment?
I don't have possibility to test it in coming weeks.

The first part of the patch addresses your problem.

The second part makes me confused.
It should "never" wait, since few lines before /dev/net/tun is
explicitly created with mknod, independently by udev.
For me this loop should be moved before the test that triggers mknod.
I have prepared patch 0002-*. Not sure you can test it, but comments
are welcome.

Best Regards,
Antonio

On Sun, Mar 22, 2015 at 11:03:34AM +0800, Antonio Borneo wrote:
> Could you please test the patch 0001-* in attachment?
> I don't have possibility to test it in coming weeks.
>
> The first part of the patch addresses your problem.

yes, if /dev/net/tun is not existing, the patched script will just create it
correctly.

> The second part makes me confused.

agreed...

> It should "never" wait, since few lines before /dev/net/tun is
> explicitly created with mknod, independently by udev.
> For me this loop should be moved before the test that triggers mknod.
> I have prepared patch 0002-*. Not sure you can test it, but comments
> are welcome.

yes, that seems to be obvious, but i can't test that special case. the same
goes with the symlink case. am i fully sure what the snipped want to resolve?

let me try to sum up:

if dev cannot be read and written do:

1 modprobe driver (shouldn't there be a condition if already loaded?)

2 if dev is a symlink to wrong location fix symlink

3 wait for 10 sec for the dev to show up, check by r/w

4 if dev (still) doesn't exists create it

so i would suggest to move the loop as in your patch 2 but i would suggest to
use the same check of existence of the dev for all 3 cases, maybe just -e to
keep the script simple (-c would be better but then you have to remove the file
to use mknod and it does not work for the symlinkcase, still it would repair
systems where the initial bug happened already).

regards,

--
M. Dietrich
_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

On Sun, 2015-03-22 at 11:03 +0800, Antonio Borneo wrote:
>
> do_pre_init() {
> if [ "$OS" = "Linux" ]; then
> - if (exec 6<> /dev/net/tun) > /dev/null 2>&1 ; then
> + if [ -r /dev/net/tun -a -w /dev/net/tun ]; then
> :

This means we no longer allow /dev/net/tun to be created automatically
by trying to open it. But devfs is long since dead and we no longer
care about *anything* that would do that, right?

Did I ever sort out commit privs to vpnc-scripts.git for you?

--
dwmw2