LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

Re: Simple script to Monitor LVS via Web

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: Re: Simple script to Monitor LVS via Web
From: Graeme Fowler <graeme@xxxxxxxxxxx>
Date: Wed, 12 Oct 2005 16:06:58 +0100
On Wed 12 Oct 2005 15:51:43 BST , Malcolm Turnbull <malcolm@xxxxxxxxxxxxxxxx> wrote:
That's why PHP no longer has register globals defaulted!
And also why you lock down your admin ip address by source ip.
My code has this vulnerability, but I'm not sure a helper app would be any more secure (sudo is a helper app.)

...as all the relevant values are produced in /proc/net/ip_vs[_app,_conn,_stats] then why not just write something to process those values instead? They're globally readable and don't need any helper apps to view them at all.

Yes, you'd be re-inventing a small part of ipvsadm's functionality. The security improvements alone are worth it; the fact that the overhead of running sudo & then ipvsadm is removed by just doing an open() on a /proc file might be worth it in situations where you may have many users running your web app.

Sure, you need to decode the hex values to make them "nice". Unless you have the sort of users who read hex encoding all the time :)

Graeme


<Prev in Thread] Current Thread [Next in Thread>