Re: NFSv3+Krb5 and mountd - J. Bruce Fields

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "J. Bruce Fields" <bfields@fieldses.org>
To: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: Per Olofsson <pelle@dsv.su.se>, Paul Jakma <paul@clubi.ie>,
	nfs@lists.sourceforge.net
Subject: Re: NFSv3+Krb5 and mountd
Date: Thu, 2 Sep 2004 11:39:08 -0400	[thread overview]
Message-ID: <20040902153908.GB32379@fieldses.org> (raw)
In-Reply-To: <1093904714.8729.106.camel@lade.trondhjem.org>

On Mon, Aug 30, 2004 at 06:25:14PM -0400, Trond Myklebust wrote:
> På må , 30/08/2004 klokka 14:04, skreiv J. Bruce Fields:
> > Well, I suppose unauthenticated locks are a DOS at worse.  But the
> > lookup of the initial filehandle seems more security-critical to me.
> 
> What can an attacker do with that filehandle?

One attack that rpcsec_gss is designed to prevent is spoofing of
server's replies to the client.  The client needs to be able to trust
the root filehandle returned by the server; an attacker could probably
do some interesting things by feeding the client faked replies with
incorrect filehandles.

> Actually re-reading the RFC, it does not actually restrict MOUNT to
> AUTH_SYS-only, but again - interoperability with Solaris automounters
> means that it is pretty much expected...

Yeah, OK, but it's unfortunate.  It would be better just to require the
automounter to have credentials of some sort.

--Bruce Fields


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

next prev parent reply	other threads:[~2004-09-02 15:39 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-08-24 18:41 NFSv3+Krb5 and mountd Per Olofsson
2004-08-30  1:41 ` Paul Jakma
2004-08-30  2:01   ` J. Bruce Fields
2004-08-30 15:45     ` Per Olofsson
2004-08-30 16:45       ` Trond Myklebust
2004-08-30 17:17         ` J. Bruce Fields
2004-08-30 17:45           ` Trond Myklebust
2004-08-30 18:04             ` J. Bruce Fields
2004-08-30 22:25               ` Trond Myklebust
2004-09-02 15:39                 ` J. Bruce Fields [this message]
2004-08-30 21:54           ` Per Olofsson
2004-08-30 21:25         ` Per Olofsson

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20040902153908.GB32379@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=nfs@lists.sourceforge.net \
    --cc=paul@clubi.ie \
    --cc=pelle@dsv.su.se \
    --cc=trond.myklebust@fys.uio.no \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.