[OpenSER-Devel] [ openser-Bugs-1891148 ] No protection of open socket files against removing

SourceForge.net noreply at sourceforge.net
Tue Feb 12 14:33:13 CET 2008


Bugs item #1891148, was opened at 2008-02-11 15:58
Message generated for change (Comment added) made by bogdan_iancu
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1891148&group_id=139143

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: modules
Group: None
Status: Open
Resolution: Invalid
Priority: 5
Private: No
Submitted By: Helmut Kuper (hekuper)
Assigned to: Bogdan-Andrei Iancu (bogdan_iancu)
Summary: No protection of open socket files against removing

Initial Comment:
Hi,

I found that starting a 2nd openser with same config as an already
running openser on same machine using module mi_datagram leads to a deletion of the
socket file of the already running openser process.

This is very bad when u use openser as a frontend for sems for example.  :( 

If this is a bug, maybe the check, whether there is
an already running openser using same network resources, should be placed *befor* starting modules. 
Alternative modules should be able to handle those problematic scenarios ...

My mi_datagram config is this:

loadmodule "mi_datagram.so"
modparam("mi_datagram", "socket_name", "/tmp/openser_ansagen_sock")
modparam("mi_datagram", "children_count", 1)
modparam("mi_datagram", "unix_socket_mode", 0660)
modparam("mi_datagram", "unix_socket_group", "voip")
modparam("mi_datagram", "unix_socket_user", "ruth")
modparam("mi_datagram", "socket_timeout", 2000)

regards
Helmut

----------------------------------------------------------------------

>Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2008-02-12 15:33

Message:
Logged In: YES 
user_id=1275325
Originator: NO

Hi Henning,

I agree here - the fix should not be in openser, but rather in whatever
scripts/admins are managing openser. From my point of view, this is a
openser operation error.

Regards,
Bogdan

----------------------------------------------------------------------

Comment By: Henning Westerholt (henningw)
Date: 2008-02-12 13:24

Message:
Logged In: YES 
user_id=337916
Originator: NO

I think this can be fixed by other means:

Just add some checks to openserctl to not start openser two times, like
the init script does (i think). 
This would be easier than to fix the OpenSER start process to not start at
all (or fail just in the beginning) if another process is already running.

Henning

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2008-02-12 13:06

Message:
Logged In: YES 
user_id=1275325
Originator: NO

Hi Helmut,

This is the normal/expected bahviour of the module - to avoid any security
problems (using a fake or malicious already existing unixsocket) openser
removes it first (if exists) and then creates its own with proper
permissions and security restrictions.

So, it is not a bug :).

Regards,
Bogdan

----------------------------------------------------------------------

Comment By: Helmut Kuper (hekuper)
Date: 2008-02-11 16:53

Message:
Logged In: YES 
user_id=1851349
Originator: YES

Hi Bogdan,

yes I use same socket file name for both opensers, cause both are using
same config file.

Befor we misunderstand: I don't want to run 2 opensers with same config on
same machine!! I rather strumbled about that bug/problem, when I accidently
started same openser without openserctl twice 

----------------------------------------------------------------------

Comment By: Bogdan-Andrei Iancu (bogdan_iancu)
Date: 2008-02-11 16:45

Message:
Logged In: YES 
user_id=1275325
Originator: NO

Hi Helmut,

so you use the same socket_name for both openser's ??

Regards,
Bogdan

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=743020&aid=1891148&group_id=139143



More information about the Devel mailing list