From: "Adamson, Andy" <William.Adamson@netapp.com>
To: "linux-nfs@vger.kernel.org list" <linux-nfs@vger.kernel.org>
Subject: Fwd: [PATCH 2/4] NFSv4.1 Use clientid management rpc_clnt for fs_locations
Date: Wed, 7 Aug 2013 18:28:13 +0000
Message-ID: <D95FC43A-2662-4922-8FF8-0FB063D781B0@netapp.com>
In-Reply-To: F7CE9E5F-E136-4E5B-98CA-929DA93D1083@netapp.com


Re-send due to my mailer adding HTML to the message, and thus being rejected by linux-nfs@vger.kernel.org.

-->Andy

Begin forwarded message:

> From: "Adamson, Andy" <William.Adamson@netapp.com>
> Subject: Re: [PATCH 2/4] NFSv4.1 Use clientid management rpc_clnt for fs_locations
> Date: August 7, 2013 2:24:31 PM EDT
> To: "Myklebust, Trond" <Trond.Myklebust@netapp.com>
> Cc: "Adamson, Andy" <William.Adamson@netapp.com>, "linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>
> 
> 
> On Aug 7, 2013, at 2:19 PM, "Myklebust, Trond" <Trond.Myklebust@netapp.com>
> wrote:
> 
>> On Wed, 2013-08-07 at 14:04 -0400, Trond Myklebust wrote:
>>> On Wed, 2013-08-07 at 18:01 +0000, Adamson, Andy wrote:
>>>> 
>>>> Here is the attack as described in 3530bis Security Considerations
>>>> section:
>>>> 
>>>> 
>>>>  The second operation that should definitely use integrity protection
>>>>  is any GETATTR for the fs_locations attribute.  The attack has two
>>>>  steps.  First the attacker modifies the unprotected results of some
>>>>  operation to return NFS4ERR_MOVED.  Second, when the client follows
>>>>  up with a GETATTR for the fs_locations attribute, the attacker
>>>>  modifies the results to cause the client to migrate its traffic to a
>>>>  server controlled by the attacker.
>>> 
>>> You can do the exact same thing by changing the READLINK results.
>> 
>> The attack is: change the unprotected LOOKUP results to point to a
>> symlink, then feed '/net/<evil-ip-address>/my/evil/pathname' into
>> READLINK.
>> 
>> My point is that if you're on a network where the above is a potential
>> threat, then you should be using krb5i or, better yet, krb5p for _all_
>> operations. It's not sufficient to single out fs_locations for special
>> treatment.
> 
> In that case, why did you accept commit 4edaa308 "NFS: Use "krb5i" to establish NFSv4 state whenever possible" ?
> 
> -->Andy
> 
>> 
>> -- 
>> Trond Myklebust
>> Linux NFS client maintainer
>> 
>> NetApp
>> Trond.Myklebust@netapp.com
>> www.netapp.com
> 
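
An added example, not part of the original message or of the patch under discussion: a check in the spirit of the recommendation above to use krb5i or krb5p for all operations, listing NFSv4 mounts whose `sec=` flavor provides no integrity protection. The mount lines are constructed samples in /proc/mounts format, and the function names are hypothetical.

```python
# Flag NFSv4 mounts whose RPC security flavor gives no integrity protection.
# Only krb5i (integrity) and krb5p (privacy) protect replies from modification.
INTEGRITY_FLAVORS = {"krb5i", "krb5p"}

# Constructed sample in /proc/mounts format (hosts, paths, addresses are made up).
SAMPLE_MOUNTS = """\
server1.example:/export/home /home nfs4 rw,relatime,vers=4.1,proto=tcp,sec=sys,clientaddr=192.0.2.10 0 0
server2.example:/export/proj /proj nfs4 rw,relatime,vers=4.0,proto=tcp,sec=krb5i,clientaddr=192.0.2.10 0 0
server3.example:/export/krb /krb nfs4 rw,vers=4.1,proto=tcp,sec=krb5,clientaddr=192.0.2.10 0 0
server4.example:/export/old /old nfs rw,vers=3,proto=tcp,sec=sys 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""


def parse_options(field):
    """Split a comma-separated mount option field into a dict."""
    opts = {}
    for item in field.split(","):
        key, _, value = item.partition("=")
        opts[key] = value
    return opts


def unprotected_nfs4_mounts(mounts_text):
    """Return (mountpoint, device, flavor) for NFSv4 mounts without krb5i/krb5p."""
    findings = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        device, mountpoint, fstype, optfield = parts[:4]
        if fstype not in ("nfs", "nfs4"):
            continue
        opts = parse_options(optfield)
        # This thread concerns NFSv4 only, so NFSv3 mounts are skipped.
        if fstype != "nfs4" and not opts.get("vers", "").startswith("4"):
            continue
        # A missing sec= option is reported as such rather than guessed.
        flavor = opts.get("sec", "unspecified")
        if flavor not in INTEGRITY_FLAVORS:
            findings.append((mountpoint, device, flavor))
    return findings


if __name__ == "__main__":
    for mountpoint, device, flavor in unprotected_nfs4_mounts(SAMPLE_MOUNTS):
        print(f"{mountpoint} ({device}): sec={flavor} has no integrity protection")
```

On a live host the same function can be fed the contents of /proc/mounts instead of the sample.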


Thread overview: 18+ messages
2013-07-22 16:42 [PATCH 1/4] NFSv4.1 Use the mount point rpc_clnt for layoutreturn andros
2013-07-22 16:42 ` [PATCH 2/4] NFSv4.1 Use clientid management rpc_clnt for fs_locations andros
2013-08-07 16:54   ` Myklebust, Trond
     [not found]     ` <479EB531-9CD2-42E2-AB98-A3CD9B13603D@netapp.com>
2013-08-07 18:04       ` Myklebust, Trond
2013-08-07 18:19         ` Myklebust, Trond
2013-08-07 18:24           ` Adamson, Andy
2013-08-07 18:28             ` Adamson, Andy [this message]
2013-08-07 18:32             ` Myklebust, Trond
2013-08-07 18:32           ` Adamson, Andy
2013-08-07 18:36             ` Myklebust, Trond
2013-07-22 16:42 ` [PATCH 3/4] NFSv4.1 Use clientid management rpc_clnt for secinfo andros
2013-07-22 16:58   ` Myklebust, Trond
2013-07-22 17:14     ` Adamson, Andy
2013-08-07 16:57   ` Myklebust, Trond
2013-07-22 16:42 ` [PATCH 4/4] NFSv4.1 Use clientid management rpc_clnt for secinfo_no_name andros
2013-08-07 16:58   ` Myklebust, Trond
2013-07-22 16:44 ` [PATCH 1/4] NFSv4.1 Use the mount point rpc_clnt for layoutreturn Myklebust, Trond
2013-07-22 16:46   ` Myklebust, Trond
