/ 2004-07-02 17:51:06 +0200
\ Lars Marowsky-Bree:
> On 2004-07-02T17:47:42,
>    Lars Marowsky-Bree <lmb at suse.de> said:
>
> > > The crash happens while dereferencing req->bh
> >
> > One of these days in the future, we really need to consider whether we
> > should dereference network data so directly, as drbd is running on
> > unprivileged ports, and in theory some user could exploit this on one of
> > the peer nodes...
> >
> > (A workaround for the paranoid would be to use privileged ports.)
>
> vi magic killed the following paragraphs in my mail, so here it goes
> again:
>
> But while the security aspects can be worked around, and a cluster is
> essentially a single security domain for many other reasons anyway, I
> think we should try a bit harder to isolate faults to one node. A
> software crash on one node taking down both is exactly the opposite of
> the goal of HA computing.
>
> Of course nothing can easily protect against data corruption going to
> disk and all that, but this seems a bit too open right now. This may be
> something for drbd N+1.

... and current 0.7 code already does much better in this respect ...

	lge
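
An added illustration of the fault-isolation point raised in this thread (not DRBD code and not written by either poster): instead of dereferencing a value that came back from the peer, a node can hand out an opaque handle and validate it on return. All names, the table size and the handle layout below are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_INFLIGHT 64  /* hypothetical limit; names here are not DRBD's */

struct request {
    uint32_t generation;  /* bumped each time the slot is reused */
    int      in_use;      /* 1 while an ack is still expected */
    uint64_t sector;      /* block the ack must refer to */
};
static struct request inflight[MAX_INFLIGHT];

/* Register an outgoing request. Returns the handle to put on the wire
 * (generation in the high 32 bits, slot index in the low 32), or 0 if the
 * table is full. Generations start at 1, so 0 is never a valid handle. */
uint64_t request_submit(uint64_t sector)
{
    for (uint32_t i = 0; i < MAX_INFLIGHT; i++) {
        struct request *r = &inflight[i];
        if (r->in_use)
            continue;
        if (++r->generation == 0)
            r->generation = 1;
        r->in_use = 1;
        r->sector = sector;
        return ((uint64_t)r->generation << 32) | i;
    }
    return 0;
}

/* Resolve a handle received from the peer. Every field is checked before
 * any request memory is touched; a bad handle yields NULL so the caller
 * can drop the connection instead of faulting on this node. */
struct request *request_from_ack(uint64_t handle, uint64_t sector)
{
    uint32_t slot = (uint32_t)handle;
    uint32_t gen = (uint32_t)(handle >> 32);
    struct request *r;

    if (slot >= MAX_INFLIGHT)
        return NULL;                 /* index outside the table */
    r = &inflight[slot];
    if (!r->in_use || r->generation != gen)
        return NULL;                 /* stale, replayed or forged */
    if (r->sector != sector)
        return NULL;                 /* ack names a different block */
    r->in_use = 0;                   /* consume so it cannot be replayed */
    return r;
}
```

A NULL return is the signal to treat the peer as faulty; the local node keeps running either way.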