From: "J. Bruce Fields" <bfields@redhat.com>
To: Olga Kornievskaia <aglo@umich.edu>
Cc: Olga Kornievskaia <kolga@netapp.com>,
Christoph Hellwig <hch@infradead.org>,
linux-nfs <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH v8 0/9] NFSD support for async COPY
Date: Tue, 17 Apr 2018 13:39:48 -0400 [thread overview]
Message-ID: <20180417173947.GJ10291@parsley.fieldses.org> (raw)
In-Reply-To: <CAN-5tyHodwte-JUNjuqJBoyX26wFwrrmvkgc4kZrWDfN4FO_2Q@mail.gmail.com>
On Tue, Apr 17, 2018 at 12:15:13PM -0400, Olga Kornievskaia wrote:
> So I see your concern that in order to allow for the destination
> server to read the file from the source server, the source server must
> allow client_id/session creation and that actually really leads to
> being able to send any other compound to the source server.
That may be, but I wasn't actually worrying about the source server, I
was worrying about the target:
> Btw, what your security thread here? If the client has control over
> the server, then what are you trying to protect? If the client
> controls the source server, then it can read whatever is stored on it
> and if it decides to provide same ability to anybody else why would
> that matter? How's any different from giving away your password to
> whomever and them accessing files as that user?
I assume the attacker knows a vunlerability in the Linux NFS client code
that processes READ (or EXCHANGE_ID or CREATE_SESSION) replies.
It sends a COPY request to an NFS server that tells it copy a file from
a "server" that the attacker controls. The victim NFS server then tries
to read from the attacker's server, which sends replies that exploit the
vulnerability.
--b.
next prev parent reply other threads:[~2018-04-17 17:39 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-13 17:01 [PATCH v8 0/9] NFSD support for async COPY Olga Kornievskaia
2018-04-13 17:01 ` [PATCH v8 1/9] NFSD CB_OFFLOAD xdr Olga Kornievskaia
2018-04-13 17:01 ` [PATCH v8 2/9] NFSD OFFLOAD_STATUS xdr Olga Kornievskaia
2018-04-13 17:01 ` [PATCH v8 3/9] NFSD OFFLOAD_CANCEL xdr Olga Kornievskaia
2018-04-13 17:01 ` [PATCH v8 4/9] NFSD xdr callback stateid in async COPY reply Olga Kornievskaia
2018-04-13 17:01 ` [PATCH v8 5/9] NFSD introduce async copy feature Olga Kornievskaia
2018-04-13 17:01 ` [PATCH v8 6/9] NFSD create new stateid for async copy Olga Kornievskaia
2018-04-13 17:01 ` [PATCH v8 7/9] NFSD handle OFFLOAD_CANCEL op Olga Kornievskaia
2018-04-17 18:06 ` Anna Schumaker
2018-04-17 18:08 ` Olga Kornievskaia
2018-04-17 18:10 ` Olga Kornievskaia
2018-04-13 17:01 ` [PATCH v8 8/9] NFSD support OFFLOAD_STATUS Olga Kornievskaia
2018-04-13 17:01 ` [PATCH v8 9/9] NFSD stop ongoing async copies on client shutdown Olga Kornievskaia
2018-04-14 7:22 ` [PATCH v8 0/9] NFSD support for async COPY Christoph Hellwig
2018-04-14 12:32 ` Olga Kornievskaia
2018-04-18 7:05 ` Christoph Hellwig
2018-04-16 21:45 ` J. Bruce Fields
2018-04-17 6:52 ` Christoph Hellwig
2018-04-17 13:22 ` Olga Kornievskaia
2018-04-17 13:41 ` J. Bruce Fields
2018-04-17 13:45 ` Olga Kornievskaia
[not found] ` <FE7DF381-A335-4827-94AB-1DEBF5FCEB05@netapp.com>
2018-04-17 13:57 ` J. Bruce Fields
2018-04-17 14:04 ` J. Bruce Fields
2018-04-17 14:08 ` Olga Kornievskaia
2018-04-17 14:13 ` Olga Kornievskaia
2018-04-17 14:50 ` Anna Schumaker
2018-04-17 14:41 ` Steve Dickson
[not found] ` <1E0C45FE-2214-41FB-8634-1005CC13AD9E@netapp.com>
2018-04-18 7:08 ` Christoph Hellwig
2018-04-24 20:29 ` Olga Kornievskaia
2018-04-27 16:03 ` J. Bruce Fields
2018-04-27 23:11 ` Olga Kornievskaia
2018-05-22 21:05 ` Olga Kornievskaia
2018-05-22 22:01 ` J. Bruce Fields
2018-04-17 13:42 ` J. Bruce Fields
2018-04-17 15:00 ` J. Bruce Fields
2018-04-17 15:17 ` Olga Kornievskaia
2018-04-17 15:41 ` J. Bruce Fields
2018-04-17 15:58 ` J. Bruce Fields
2018-04-17 17:41 ` J. Bruce Fields
2018-04-17 16:15 ` Olga Kornievskaia
2018-04-17 17:39 ` J. Bruce Fields [this message]
2018-04-18 7:07 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180417173947.GJ10291@parsley.fieldses.org \
--to=bfields@redhat.com \
--cc=aglo@umich.edu \
--cc=hch@infradead.org \
--cc=kolga@netapp.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).