[Debian-ha-maintainers] Bug#974563: corosync unable to communicate with pacemaker 1.1.16-1+deb9u1 which contains the fix for CVE-2020-25654

Louis Sautier sautier.louis at gmail.com
Fri Nov 13 11:39:58 GMT 2020


On 13/11/2020 12:23, Alejandro Taboada wrote:
> Maybe Corosync is not using peer communication? Could you check somehow the packet source address... if it’s from localhost just allow, otherwise check permissions.
> I know it is not ideal but it will solve a lot of production issues in the meanwhile.
> 
> 
>> On 12 Nov 2020, at 23:20, Alejandro Taboada <alejandro.taboada at altipeak.com> wrote:
>>
>> <PastedGraphic-1.png>
> 
> 
I'm not sure I understand what we need to look for.

Aren't they communicating via UNIX sockets from abstract namespaces
(@cib_rw@, @attrd@, etc.)? That's what I see when I strace calls to
"crm resource cleanup <resource>" which also fails with the patched version.
