[Debian-ha-maintainers] Bug#974563: corosync unable to communicate with pacemaker 1.1.16-1+deb9u1 which contains the fix for CVE-2020-25654

Markus Koschany apo at debian.org
Thu Nov 12 23:57:26 GMT 2020


Hi,

On Thursday, 12.11.2020 at 18:21 +0100, Pallai Roland wrote:
> Hi Markus,
> 
> The problem is still the same here:

Thanks for your debug log. I have looked at every line of code again and
compared the original upstream patch from here


https://bugzilla.redhat.com/attachment.cgi?id=1722701

with the released fix from here

https://github.com/ClusterLabs/pacemaker/pull/2210/commits/7babd406e7195fcce57850a8589b06e095642c33

There is only one thing that stands out, in fencing/commands.c:

If client = NULL, then they now assume it is a peer, and this is always allowed
to interact. For me it is the only explanation at the moment why you still see

Rejecting IPC request 'lrmd_rsc_info' from unprivileged client crmd
 
If you take a closer look at the patch, then the allowed variable must be true
in lrmd/lrmd.c, but in your case it is (incorrectly) false. Since crmd is part
of pacemaker, it should not be rejected. Please try the new version at

https://people.debian.org/~apo/lts/pacemaker/

and report back if that addresses the problem.

Thanks,

Markus
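
Added example, not part of the original message and not pacemaker code: a log triage that separates the rejection quoted above when it hits a pacemaker daemon such as crmd (the regression discussed here) from rejections of other clients. The daemon name set, the syslog prefix and the sample lines are assumptions constructed for illustration; only the message text and the crmd/lrmd_rsc_info pair come from the mail.

```python
import re
from collections import Counter

# Message text as quoted in the mail; the syslog prefix in front of it varies.
REJECT_RE = re.compile(
    r"Rejecting IPC request '(?P<request>[^']+)' "
    r"from unprivileged client (?P<client>\S+)"
)

# Assumption: daemon names of pacemaker 1.1.x. Only crmd is named in the
# mail; adjust the set to the daemons actually running on your nodes.
PACEMAKER_DAEMONS = {
    "crmd", "lrmd", "stonithd", "cib", "attrd", "pengine", "pacemakerd",
}


def triage(lines):
    """Return (internal, external) Counters keyed by (client, request)."""
    internal, external = Counter(), Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not an ACL rejection
        key = (m["client"], m["request"])
        # A rejected pacemaker daemon means the ACL check misfired.
        bucket = internal if m["client"] in PACEMAKER_DAEMONS else external
        bucket[key] += 1
    return internal, external


# Constructed sample log lines (host, PIDs, timestamps, severity are made up).
SAMPLE = """\
Nov 12 18:20:01 node1 lrmd[1201]: warning: Rejecting IPC request 'lrmd_rsc_info' from unprivileged client crmd
Nov 12 18:20:02 node1 lrmd[1201]: warning: Rejecting IPC request 'lrmd_rsc_info' from unprivileged client crmd
Nov 12 18:20:05 node1 crmd[1204]: notice: State transition S_IDLE -> S_POLICY_ENGINE
Nov 12 18:21:10 node1 lrmd[1201]: warning: Rejecting IPC request 'lrmd_rsc_exec' from unprivileged client customtool
""".splitlines()

if __name__ == "__main__":
    internal, external = triage(SAMPLE)
    for (client, request), n in internal.items():
        print(f"regression suspect: {client} denied {request} x{n}")
    for (client, request), n in external.items():
        print(f"denial of non-pacemaker client: {client} denied {request} x{n}")
```

Any entry in the first group after installing a fixed package indicates the daemon is still being treated as unprivileged.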