Bug #9674
closed
Let's scrap AVS/sdbc
100%
Description
The AVS (Availability Suite) is in illumos-gate, but a quick survey of OmniOS, SmartOS, and OpenIndiana indicate it's not included with a default installation. Furthermore, it appears to have at least one vulnerability: https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-2892---Kernel-Level-Privilege-Escalation-in-Oracle-Solaris/
Since it's NOT installed by default on distros (and it's likely not in the storage appliance ones either because they do it better), we should trash this entirely.
Updated by Yuri Pankov over 5 years ago
- Category set to kernel
- Status changed from New to In Progress
- Assignee set to Yuri Pankov
- % Done changed from 0 to 10
- Difficulty changed from Medium to Bite-size
- Tags deleted (
needs-triage)
Updated by Joshua M. Clulow over 5 years ago
List of files removed from proto by this change:
usr/cluster/sbin/dscfg_reconfigure usr/cluster/sbin/ii usr/cluster/sbin/rdc usr/cluster/sbin/sv usr/include/nsctl.h usr/include/sys/nsc_ddi.h usr/include/sys/nsc_thread.h usr/include/sys/nskernd.h usr/include/sys/nsctl/cfg.h usr/include/sys/nsctl/cfg_cluster.h usr/include/sys/nsctl/cfg_impl.h usr/include/sys/nsctl/cfg_lockd.h usr/include/sys/nsctl/contract.h usr/include/sys/nsctl/dsw.h usr/include/sys/nsctl/dsw_dev.h usr/include/sys/nsctl/librdc.h usr/include/sys/nsctl/model.h usr/include/sys/nsctl/ncall_inter.h usr/include/sys/nsctl/nsc_dev.h usr/include/sys/nsctl/nsc_disk.h usr/include/sys/nsctl/nsc_gen.h usr/include/sys/nsctl/nsc_hash.h usr/include/sys/nsctl/nsc_ioctl.h usr/include/sys/nsctl/nsc_mem.h usr/include/sys/nsctl/nsc_power.h usr/include/sys/nsctl/nsc_rmspin.h usr/include/sys/nsctl/nsctl.h usr/include/sys/nsctl/nsctl_inter.h usr/include/sys/nsctl/nsvers.h usr/include/sys/nsctl/rdc.h usr/include/sys/nsctl/rdc_bitmap.h usr/include/sys/nsctl/rdc_diskq.h usr/include/sys/nsctl/rdc_io.h usr/include/sys/nsctl/rdc_ioctl.h usr/include/sys/nsctl/rdc_prot.h usr/include/sys/nsctl/rdcerr.h usr/include/sys/nsctl/rdcrules.h usr/include/sys/nsctl/safestore.h usr/include/sys/nsctl/sd_bcache.h usr/include/sys/nsctl/sd_cache.h usr/include/sys/nsctl/sd_conf.h usr/include/sys/nsctl/sd_hash.h usr/include/sys/nsctl/sd_pcu.h usr/include/sys/nsctl/sd_trace.h usr/include/sys/nsctl/sdbc_ioctl.h usr/include/sys/nsctl/sv.h usr/include/sys/nsctl/sv_efi.h usr/include/sys/nsctl/sv_impl.h usr/include/sys/ncall/ncall.h usr/include/sys/ncall/ncall_module.h usr/include/sys/unistat/spcs_dtrinkets.h usr/include/sys/unistat/spcs_errors.h usr/include/sys/unistat/spcs_etext.h usr/include/sys/unistat/spcs_etrinkets.h usr/include/sys/unistat/spcs_s.h usr/include/sys/unistat/spcs_s_impl.h usr/include/sys/unistat/spcs_s_k.h usr/include/sys/unistat/spcs_s_u.h usr/share/man/man4/ds.log.4 usr/share/man/man4/rdc.cf.4 usr/share/man/man4/sndr.4 usr/share/man/man7d/ii.7d usr/share/man/man7d/sv.7d usr/share/man/man1m/dsbitmap.1m usr/share/man/man1m/dscfg.1m usr/share/man/man1m/dscfgadm.1m usr/share/man/man1m/dscfglockd.1m usr/share/man/man1m/dsstat.1m usr/share/man/man1m/iiadm.1m usr/share/man/man1m/iicpbmp.1m usr/share/man/man1m/iicpshd.1m usr/share/man/man1m/nscadm.1m usr/share/man/man1m/scmadm.1m usr/share/man/man1m/sndradm.1m usr/share/man/man1m/sndrd.1m usr/share/man/man1m/sndrsyncd.1m usr/share/man/man1m/svadm.1m usr/bin/dsbitmap usr/bin/dscfg usr/bin/dscfg_reconfigure.cluster usr/bin/dscfgadm usr/bin/dscfgcli usr/bin/dscfglockd usr/bin/dsstat usr/bin/iiadm usr/bin/iiboot usr/bin/iicpbmp usr/bin/iicpshd usr/bin/ncalladm usr/bin/nscadm usr/bin/nskernd usr/bin/scmadm usr/bin/sd_diag usr/bin/sd_stats usr/bin/sndradm usr/bin/sndrboot usr/bin/sndrd usr/bin/sndrsyncd usr/bin/svadm usr/bin/svboot usr/sbin/dsbitmap usr/sbin/dscfg usr/sbin/dscfgadm usr/sbin/dsstat usr/sbin/nscadm usr/sbin/scmadm usr/sbin/sndradm usr/sbin/sndrboot usr/sbin/svadm usr/sbin/svboot usr/kernel/misc/amd64/rdcsrv usr/kernel/misc/amd64/rdcstub usr/kernel/misc/amd64/spuni usr/kernel/drv/ii.conf usr/kernel/drv/ncall.conf usr/kernel/drv/nsctl.conf usr/kernel/drv/nskern.conf usr/kernel/drv/rdc.conf usr/kernel/drv/sdbc.conf usr/kernel/drv/sv.conf usr/kernel/drv/amd64/ii usr/kernel/drv/amd64/ncall usr/kernel/drv/amd64/nsctl usr/kernel/drv/amd64/nskern usr/kernel/drv/amd64/rdc usr/kernel/drv/amd64/rdcsrv usr/kernel/drv/amd64/rdcstub usr/kernel/drv/amd64/sdbc usr/kernel/drv/amd64/sv usr/lib/dscfglockd usr/lib/libdscfg.so.1 usr/lib/libnsctl.so.1 usr/lib/librdc.so.1 usr/lib/libunistat.so.1 usr/lib/llib-ldscfg.ln usr/lib/llib-lnsctl.ln usr/lib/llib-lrdc.ln usr/lib/llib-lunistat.ln usr/lib/ncalladm usr/lib/nskernd usr/lib/sndrd usr/lib/sndrsyncd usr/lib/mdb/kvm/amd64/ii.so usr/lib/mdb/kvm/amd64/nsctl.so usr/lib/mdb/kvm/amd64/rdc.so usr/lib/mdb/kvm/amd64/sdbc.so usr/lib/mdb/kvm/amd64/sv.so etc/dscfg_format etc/init.d/ii etc/init.d/ii.cluster etc/init.d/rdc etc/init.d/rdc.cluster etc/init.d/rdcfinish etc/init.d/scm etc/init.d/sv etc/init.d/sv.cluster kernel/kmdb/amd64/ii kernel/kmdb/amd64/nsctl kernel/kmdb/amd64/rdc kernel/kmdb/amd64/sdbc kernel/kmdb/amd64/sv lib/svc/manifest/system/nws_ii.xml lib/svc/manifest/system/nws_rdc.xml lib/svc/manifest/system/nws_rdcsyncd.xml lib/svc/manifest/system/nws_scm.xml lib/svc/manifest/system/nws_sv.xml lib/svc/method/svc-ii lib/svc/method/svc-rdc lib/svc/method/svc-rdcsyncd lib/svc/method/svc-scm lib/svc/method/svc-sv
Updated by Electric Monk over 5 years ago
- Status changed from In Progress to Closed
- % Done changed from 10 to 100
git commit cb41b9c565d4eec9e1f06e24d429696f59f2f07d
commit cb41b9c565d4eec9e1f06e24d429696f59f2f07d
Author: Yuri Pankov <yuri.pankov@nexenta.com>
Date: 2018-08-07T23:46:22.000Z
9674 Let's scrap AVS/sdbc
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Peter Tribble <peter.tribble@gmail.com>
Approved by: Joshua M. Clulow <josh@sysmgr.org>
Updated by Stephen Rondeau about 5 years ago
I have been actively using AVS via OpenIndiana for the past several years. for remote mirroring.
Imagine my surprise when all of a sudden (after upgrading to OpenIndiana Hipster 2018.4), I could no longer use dsstat and sndradm. When I tried to re-install storage/avs, there was no record that it didn't exist; rather, "pkg install storage/avs" reported:
No updates necessary for this image.
And yet the binaries were nowhere to be found.
I understand that it takes work to maintain Illumos and OpenIndiana, and that some if not all is voluntary. I know there must be decisions made about what is essential and what is not, but "hey, none of the major distros include AVS as default so let's get rid of it -- and avoid needing to fix a security hole as well" doesn't seem like the right way to approach the deletion of a feature. And it appears that you don't know who is using it. I don't see any discussion other than this "bug" report about deleting it, nor any release notes (via googling and searching the Illumos Wiki) stating it was removed.
If there are alternatives to AVS using OpenIndiana, please advise.