From: NeilBrown <neilb@suse.de>
To: Jeff Layton <jlayton@redhat.com>
Cc: Chuck Lever <chuck.lever@oracle.com>, linux-nfs@vger.kernel.org
Subject: Re: [PATCH] nfs: fix host_reliable_addrinfo (try #2)
Date: Thu, 23 Jun 2011 12:31:17 +1000
Message-ID: <20110623123117.40403d5f@notabene.brown>
In-Reply-To: <20110622133238.019d6157@tlielax.poochiereds.net>
On Wed, 22 Jun 2011 13:32:38 -0400 Jeff Layton <jlayton@redhat.com> wrote:
> On Wed, 22 Jun 2011 10:50:11 -0600
> Chuck Lever <chuck.lever@oracle.com> wrote:
>
> > Thanks.
> >
> > This is a security problem, but I don't want to lose sight of the original cause of this bug, which was my lack of understanding of the function of the old code and the API contract (return only _one_ address).
> >
> > For extra credit, we might check if statd has a similar issue when it matches addresses.
> >
>
> I don't think statd is vulnerable, as best I can tell. I don't see any
> places where we do a getnameinfo on an address and then go and use that
> to get a list of addresses with getaddrinfo.
>
> Please do double check me on this though. I go on vacation next week
> and I think my brain might already have left.
>
Agggh... my eyes tend to glaze over whenever I try to think about statd :-(

However:

statd gets MON/UNMON requests from the kernel lockd, and NOTIFY requests
from other hosts that have rebooted.

The MON/UNMON requests can only contain a host name or IP that has been
explicitly requested locally so we have to basically trust those - though
all we do with them is talk to the remote host a bit.

The NOTIFY request contains a host name and if we are monitoring anything
which has that name, we assume that it has rebooted.
The remote host that sends the NOTIFY could well be lying, but there is not
a whole lot that we can do about that. This is a fundamental issue in the
protocol rather than any mishandling of host name lookup.

So I think statd looks as safe as it ever has been.

NeilBrown