From: "J. Bruce Fields" <bfields@fieldses.org>
To: Greg Banks <gnb@melbourne.sgi.com>
Cc: Neil Brown <neilb@suse.de>,
	Linux NFS Mailing List <nfs@lists.sourceforge.net>
Subject: Re: [PATCH 6/8] knfsd: repcache: use client IP address in hash
Date: Mon, 23 Oct 2006 15:51:53 -0400
Message-ID: <20061023195153.GA8983@fieldses.org>
In-Reply-To: <1160566130.8530.17.camel@hole.melbourne.sgi.com>

On Wed, Oct 11, 2006 at 09:28:50PM +1000, Greg Banks wrote:
> knfsd: Use the client's IP address in the duplicate request cache
> hash function, instead of just the XID.

By the way, do we ever match the credential used on the replayed request
with the credential used on the original request?  From a quick check of
the code, I can't see any place where we do.

It strikes me as something an attacker might be able to have some fun
with.  (Poison the cache with requests matching xid's you expect to be
used in the future?  "Replay" somebody else's request just to see a
response that you wouldn't otherwise have been able to?)

--b.
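
An added illustration of the check asked about above, not code from knfsd or from any message in this thread: a toy reply-cache lookup that can match on XID and client address alone, or additionally require the same credential. All names (drc_entry, drc_store, drc_lookup) and the uid/gid stand-in for the RPC credential are assumptions made for the example.

```c
/* Toy model of a duplicate request cache (DRC); hypothetical names,
 * not the knfsd implementation. */
#include <stddef.h>
#include <stdint.h>

#define DRC_SLOTS 8

struct drc_entry {
    int         in_use;
    uint32_t    xid;        /* RPC transaction id chosen by the client */
    uint32_t    client_ip;  /* IPv4 address of the sender */
    uint32_t    uid, gid;   /* stand-in for the request's credential */
    const char *reply;      /* cached reply for a non-idempotent call */
};

static struct drc_entry drc[DRC_SLOTS];   /* zero-initialised: all free */

/* Hash on XID and client address, as the patch subject describes. */
static unsigned drc_hash(uint32_t xid, uint32_t ip)
{
    return (xid ^ (xid >> 16) ^ ip ^ (ip >> 16)) % DRC_SLOTS;
}

/* Record the reply sent for a request (toy: a collision overwrites). */
void drc_store(uint32_t xid, uint32_t ip, uint32_t uid, uint32_t gid,
               const char *reply)
{
    struct drc_entry *e = &drc[drc_hash(xid, ip)];

    e->in_use = 1;
    e->xid = xid;
    e->client_ip = ip;
    e->uid = uid;
    e->gid = gid;
    e->reply = reply;
}

/* Return the cached reply if the request is a retransmission, else NULL.
 * check_cred == 0: XID and address decide alone.
 * check_cred == 1: the credential must also equal the original's, so a
 * request from a different principal is handled as a new request. */
const char *drc_lookup(uint32_t xid, uint32_t ip, uint32_t uid,
                       uint32_t gid, int check_cred)
{
    const struct drc_entry *e = &drc[drc_hash(xid, ip)];

    if (!e->in_use || e->xid != xid || e->client_ip != ip)
        return NULL;
    if (check_cred && (e->uid != uid || e->gid != gid))
        return NULL;
    return e->reply;
}
```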

