Package: aoetools Version: 11-1.2 Severity: Important Hi,
The way the aoe module is loaded looks wrong. The init script reads the list of interfaces where to look for aoe devices from /etc/default/aoetools but it is not passed to the module (the aoe_iflist parameter). The aoe-discover uses this list though, which might someone think that it behave correctly. I think that this is an important bug because it has security implications. This module parameter controls which interfaces are considered for aoe traffic and I guess that that traffic would go below a typical layer 3 firewall. So without restricting the interfaces, one might spoof the whole thing despite admins taking the precaution to install a seperate physical interface. So, my fix would be: * if INTERFACES=="none" do not load the module at all * if INTERFACES=="all" load the module without aoe_iflist * otherwise, marshall the list into aoe_iflist Also, rmmod the module at shutdown might be good. That might limitate the number of broken thing happening when a filesystem is not mounted the right way (no _netdev). Which a sync on every device reported by aoe-stat just before a call to rmmod will not prevent the filesystem from being reported dirty, but at least it would have less things lost to the cache. thanks jacques PS: I agree that adding an option in modprobe.d for the aoe module would lead to the right behavior. I just think that having twice the same list in 2 different files is a source of issues, in addition, the call to aoe-stat kinda hides the problem.
signature.asc
Description: Digital signature
