[18] in linux-net channel archive
NFS mounting from multihomed hosts (Oh no, not again...)
daemon@ATHENA.MIT.EDU (Swen Thuemmler)
Wed Jan 11 12:13:23 1995
Date: Wed, 11 Jan 1995 16:56:05 +0100 (MET)
From: Swen Thuemmler <swen@uni-paderborn.de>
To: Linux Activists <linux-activists@niksula.hut.fi>,
Linux Net <linux-net@vger.rutgers.edu>
Cc: Linus Torvalds <Linus.Torvalds@cs.helsinki.fi>,
Rick Sladkey <jrs@world.std.com>
In-Reply-To: <Pine.SOL.3.91.950110142738.11480A-100000@gingganz>
X-Mn-Key: NET
On Tue, 10 Jan 1995, I wrote:
> Well, here are some new patches, which should partially solve this
> problem. The client inspects the source address of the first NFS packet
> from server and then connect()s to this address. From then on, it should
> only receive packets from this address.
[...]
> I think, this behaviour should be secure enough, given all the other
> security problems with NFS.
>
> Comments?
Yes. I have to make a comment myself. I applied the more secure patches
and now have bean bitten by them :(. Scenario is as follows:
I have an nfs-server with 3 (three) interfaces named
mallorca for the subnet
mallorca-bb for the ethernet backbone
mallorca-fb for the fddi backbone
The server got mounted by amd when a user with his homedir on it logged
in. Unfortunately at this time due to a reboot of a gateway, the route
over the fddi backbone did not work. But the ethernet backbone still
worked, so the client code connected to mallorca-fb. After a while, the
gateway was up again, routes changed, and all nfs replies now came from
mallorca-fb, which the client did not accept, since it was connected to
mallorca-bb. I did use tcpdump to verify this:
This is a client request:
linux.5a7dc844 > mallorca-bb.nfs: 116 lookup fh 7,2/2 "freak" (ttl 64, id
40667)
This is the answer (which is discarded)
mallorca-fb.nfs > linux.5a7dc844: reply ok 128 (ttl 254, id 10031)
This is an NFS ping from amd:
linux.f2530000 > mallorca.nfs: 40 null (ttl 64, id 40671)
mallorca-fb.nfs > linux.f2530000: reply ok 24 (ttl 254, id 10196)
Amd gets the answer (since it does use user level code) and thinks,
mallorca is still alive, so it cannot keep other programs accessing
mallorca from hanging.
Since our Suns do not show these problems, I think this indicates that at
least in SunOS 4.1.3 and SunOS 5.3 NFS packets are accepted from any
address. They have no easy way to get the addresses of all interfaces
(they are not in the nameserver).
I will now revert to the older patch without the connect(), and I hope to
have provided at least some justification to make this standard.
Comments?
Greetings, Swen
