On 2004-07-02T17:47:42, Lars Marowsky-Bree <lmb at suse.de> said:

> > The crash happens while dereferencing req->bh
>
> One of these days in the future, we really need to consider whether we
> should dereference network data so directly, as drbd is running on
> unprivileged ports, and in theory some user could exploit this on one of
> the peer nodes...
>
> (A workaround for the paranoid would be to use privileged ports.)

vi magic killed the following paragraphs in my mail, so here it goes
again:

But while the security aspects can be worked around, and a cluster is
essentially a single security domain for many other reasons anyway, I
think we should try a bit harder to isolate faults to one node. A
software crash on one node taking down both is exactly the opposite of
the goal of HA computing.

Of course nothing can easily protect against data corruption going to
disk and all that, but this seems a bit too open right now.

This may be something for drbd N+1.

Sincerely,
    Lars Marowsky-Brée <lmb at suse.de>

-- 
High Availability & Clustering      \ ever tried. ever failed. no matter.
SUSE Labs, Research and Development | try again. fail again. fail better.
SUSE LINUX AG - A Novell company    \       -- Samuel Beckett
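
An added example, not part of the original mail and not drbd code: one way to keep a bad value from the peer from crashing the local node is to put an opaque id on the wire and resolve it through a bounds-checked, generation-checked table instead of dereferencing it. The `struct request` layout, `MAX_PENDING`, and all function names are hypothetical.

```c
/* Added illustration, not drbd code: all names and sizes are hypothetical. */
#include <stddef.h>
#include <stdint.h>

#define MAX_PENDING 64              /* assumed number of outstanding requests */

struct request {                    /* stand-in for a replication request */
    void    *bh;                    /* local buffer; never sent to the peer */
    uint32_t gen;                   /* bumped each time the slot is reused */
    int      in_flight;
};

static struct request pending[MAX_PENDING];

/* Register a request and return the opaque id that goes on the wire:
 * generation in the high 32 bits, slot index in the low 32 bits.
 * Returns 0 for a bad slot or buffer; 0 is never issued as an id. */
uint64_t req_issue(uint32_t slot, void *bh)
{
    if (slot >= MAX_PENDING || bh == NULL)
        return 0;
    struct request *r = &pending[slot];
    r->bh = bh;
    if (++r->gen == 0)              /* skip 0 on wrap so id 0 stays invalid */
        r->gen = 1;
    r->in_flight = 1;
    return ((uint64_t)r->gen << 32) | slot;
}

/* Resolve an id received from the network. Anything we did not issue,
 * already completed, or that points outside the table yields NULL. */
struct request *req_lookup(uint64_t id)
{
    uint32_t slot = (uint32_t)id;
    uint32_t gen  = (uint32_t)(id >> 32);
    if (slot >= MAX_PENDING)
        return NULL;
    struct request *r = &pending[slot];
    if (!r->in_flight || r->gen != gen)
        return NULL;
    return r;
}

/* Ack handler: 0 on success, -1 on a bogus id (protocol error, no crash). */
int handle_ack(uint64_t id)
{
    struct request *r = req_lookup(id);
    if (r == NULL)
        return -1;
    r->in_flight = 0;
    r->bh = NULL;
    return 0;
}
```

A `-1` from `handle_ack` lets the caller drop the connection to the misbehaving peer while the local node keeps running, which is the fault isolation the message asks for.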