cli: misc zip-related fixes #44064
Merged
cli: misc zip-related fixes #44064
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Release note (bug fix): `cockroach zip` now emits the `goroutine` file in the proper sub-directory when the corresponding call fails with an error.
Release note: None
Release note: None
|
This change is |
The recent addition of the goroutine dump collection in cockroachdb#36813 introduced a bug where `debug zip` would prematurely stop if it could not request the goroutine file list. This patch fixes that. Release note (bug fix): `cockroach debug zip` is again able to operate correctly and continue to iterate over all nodes if one of the nodes does not deliver its goroutine dumps. It would previously prematurely and incorrectly stop with an incomplete dump; this was a regression introduced in 19.2.
tbg
approved these changes
Jan 16, 2020
There was a problem hiding this comment.
Very nice, thank you @knz
Reviewed 1 of 1 files at r1, 2 of 2 files at r2, 1 of 1 files at r3, 2 of 2 files at r4.
Reviewable status:complete! 0 of 0 LGTMs obtained (waiting on @ajwerner)
|
TFYR bors r=tbg |
Build failed |
|
let's queue this with the other one bors r=tbg |
Build failed (retrying...) |
Build failed (retrying...) |
Build failed (retrying...) |
|
pulling this out until the bors queue clears bors r- |
Canceled |
|
bors r=tbg |
craig bot
pushed a commit
that referenced
this pull request
Jan 16, 2020
44043: cli,log: change the default file permissions r=ajwerner a=knz Requested/recommended by @aaron-crl in cockroachdb/docs#5444 Prior to this patch, files created by a CockroachDB node were created with the default umask (usualy 0777) and permission bits 0644, i.e. `-rw-r--r--`. This situation is defective because in most common deployments umask does not exclude the "other" bits and the resulting data, log and temp files are world-readable. This is unsafe because any of these files can contain sensitive information. As Aaron puts it: > If another service on the system has an arbitrary file read > vulnerability but it is running under its own user account, limiting > these permissions would limit the potential impact of such a > vulnerability. Whereas in the current setup, an attacker could real > CRDB sensitive information from any other compromised user access. This patch rectifies this situation by enforcing at least bits 0007 in the umask early in `cockroach start`, so that created files, directories, symlinks etc have at most `-rw-rw----` (most will be `-rw-r-----`). Release note (security update): A CockroachDB node process (`start` / `start-single-node`) now configures its umask to create all its files without unix permission bits for "others", so that data/log/etc files do not become world-readable by default in systems that do not otherwise customize umask to enforce log file visibility. The files produced by other `cockroach` commands (e.g. the CLI commands) do not force their umask. Release note (backward-incompatible change): CockroachDB now creates files without read permissions for the "others" group. Sites that automate file management (e.g. log collection) using multiple user accounts now must ensure that the CockroachDB server and the management tools running on the same system are part of a shared unix group. 44064: cli: misc zip-related fixes r=tbg a=knz Fixes #43966. Mostly fixes the `zip` regression introduced in 19.2 by #36813. Co-authored-by: Raphael 'kena' Poss <knz@thaumogen.net>
Build succeeded |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #43966.
Mostly fixes the
zipregression introduced in 19.2 by #36813.