[Samba] ctdb, raw sockets and CVE-2015-8543
Adi Kriegisch
adi at cg.tuwien.ac.at
Wed Jan 27 10:51:49 UTC 2016
Hi!
A recent kernel security update[1] caused some issues with our ctdb
cluster; messages like:
| We are still serving a public IP 'x.x.x.x' that we should not be serving. Removing it
| common/system_common.c:89 failed to open raw socket (Invalid argument)
| Could not find which interface the ip address is hosted on. can not release it
and
| common/system_linux.c:344 failed to open raw socket (Invalid argument)
The corresponding parts in ctdb's code look like this:
| s = socket(AF_INET, SOCK_RAW, htons(IPPROTO_RAW));
converting IPPROTO_RAW to 0xff00 (from strace):
| socket(PF_INET, SOCK_RAW, 0xff00 /* IPPROTO_??? */) = -1 EINVAL (Invalid argument)
Removing htons() from both calls seems to fix the issue for us. Is it
possible that the call to htons is just wrong and should be removed?
-- Adi
[1] https://security-tracker.debian.org/tracker/CVE-2015-8543
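Added example (not part of the original post, and not ctdb or kernel source): a small C program that tries both protocol arguments from the message and reports whether each falls in the valid range. It assumes a patched kernel rejects protocol values outside [0, IPPROTO_MAX), which matches the EINVAL in the strace line above; the helper names are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Assumed model of the check on a patched kernel: protocol must lie in
 * [0, IPPROTO_MAX). Not copied from kernel or ctdb source. */
static int proto_in_range(int protocol)
{
    return protocol >= 0 && protocol < IPPROTO_MAX;
}

/* True when a rejected value becomes valid after swapping its two low
 * bytes, i.e. it looks like a protocol number passed through htons(). */
static int looks_byteswapped(int protocol)
{
    int swapped = ((protocol & 0xff) << 8) | ((protocol >> 8) & 0xff);
    return !proto_in_range(protocol) && protocol == (protocol & 0xffff)
           && proto_in_range(swapped);
}

/* Open and close a raw socket; returns 0 on success, else errno. */
static int try_raw_socket(int protocol)
{
    int s = socket(AF_INET, SOCK_RAW, protocol);
    if (s < 0)
        return errno;
    close(s);
    return 0;
}

int main(void)
{
    /* The two forms discussed in the message: with and without htons(). */
    int candidates[] = { htons(IPPROTO_RAW), IPPROTO_RAW };
    for (size_t i = 0; i < sizeof(candidates) / sizeof(candidates[0]); i++) {
        int p = candidates[i];
        int err = try_raw_socket(p);
        printf("protocol %#06x: in_range=%d byteswapped=%d socket(): %s\n",
               (unsigned)p, proto_in_range(p), looks_byteswapped(p),
               err ? strerror(err) : "ok");
    }
    return 0;
}
```

Opening a raw socket needs CAP_NET_RAW, so without it the in-range call fails with a permission error rather than succeeding. On a big-endian host htons() is a no-op and both candidates are 255.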