[linux-lvm] [PATCH] user check in lvmiopversion

Andreas Dilger adilger at turbolinux.com
Fri Dec 22 22:05:09 UTC 2000

Claudio, you write:
> Quite trivial, but avoids misleading error messages like
>   [claudio at pokey:/home/claudio] vgscan
>   lvmiopversion -- LVM driver/module not loaded?
>   vgscan: /lib/lvm-iop not found.  Is lvm-iop installed?
> when running a wrapped tool.

Argh.  I don't like the "SUSER_CHECK" at all (not your fault Claudio).
Basically, it doesn't do anything for us because the check is in user
space, so if there are LVM security holes someone could simply recompile
the user tools without the SUSER_CHECK.  All the access checks need to be
done inside the kernel.  Secondly, the permission shouldn't be by UID,
but rather read/write permission on the device files OR capabilities.

So, define SUSER_CHECK to nothing, because it doesn't help anyways.  I
will dig up my patch to have proper permission checking in the kernel.

> Also a test for the return value != 0 is needed in the wrapper script:
> IOP=`/sbin/lvmiopversion`
> ret=$?
> if [ $ret -ne 0 ]; then
>     exit $ret
> fi

Yes.  In my version, if the IOP version wasn't set by lvmiopversion, it
would still try to use the old tools in /sbin.  With the wrapper scripts
this won't work.

int main(int argc, char *argv[])

	int ver = lvm_get_iop_version();

	if (ver < 0) {
		fprintf(stderr, "%s -- LVM driver/module not loaded?\n\n", cmd);

Cheers, Andreas
Andreas Dilger  \ "If a man ate a pound of pasta and a pound of antipasto,
                 \  would they cancel out, leaving him still hungry?"
http://www-mddsp.enel.ucalgary.ca/People/adilger/               -- Dogbert

More information about the linux-lvm mailing list