[625] in linux-security and linux-alert archive
Re: [linux-security] Announcement: ONC RPC / NIS security with SSH (fwd)
daemon@ATHENA.MIT.EDU (Claudio Telmon)
Tue Mar 5 12:28:20 1996
Date: Tue, 5 Mar 1996 12:04:59 +0100
From: Claudio Telmon <claudio@fire.di.unipi.it>
To: Thomas.Koenig@ciw.uni-karlsruhe.de
CC: linux-security@tarsier.cv.nrao.edu
In-reply-to: <199603041809.TAA04161@mvmap66.ciw.uni-karlsruhe.de> (Thomas.Koenig@ciw.uni-karlsruhe.de)
Thomas Koenig wrote:
> FYI. There IS a solution to the ypghost problem available.
Taken from ftp://ftp.tu-chemnitz.de/pub/Local/informatik/sec_rpc/README.RPC
---clip---clip---clip----------
The idea is shown in this picture:
                Client host                                       Server host

      +----------+       +----------+                 +----------+       +----------+
      | real RPC |  ...  | real RPC |                 | real RPC |  ...  | real RPC |
      | Client   |       | Client   |                 | Server   |       | Server   |
      +----------+       +----------+                 +----------+       +----------+
           ^                  ^                            ^                  ^
           | RPC communication|                            | RPC communication|
           | via localhost    |                            | via localhost    |
           |                  |                            |                  |
           |   +--------------+                            |   +--------------+
           |   |                                           |   |
           v   v                                           v   v
        +-----------+                                   +-----------+
        | Proxy RPC |           SSH channel             | Proxy RPC |
        | Server    |<--------------------------------->| Client    |
        +-----------+   forwarding RPC messages with    +-----------+
        maps XIDs       a globally unique XID (GXID)    simply forwards
        back and forth                                  requests and replies,
                                                        acts as ONE virtual client
Mapping XIDs
------------
The mapping of the XIDs works as follows:
- The client sends its request to the proxy server.
- The proxy server replaces the original XID (generated by the client)
with a globally unique one, keeps this mapping in a list and forwards
the message via the SSH channel.
"Globally unique" means unique for all requests sent by the proxy
server to the proxy client, thereby hiding the different real clients
from the real server. The GXID is incremented by one with each new
request. Retransmitted requests all get the same GXID.
Each mapping has a reference counter to indicate how often the mapping
is in use. There is an upper limit the user has to set. This limit
was introduced to avoid superfluous retransmissions. Normally datagrams
can't get lost because they are transmitted via the reliable SSH channel.
When setting the limit to one, a request is never retransmitted.
The counter for the GXID wraps to zero after incrementing past the
maximum value (2^32 - 1), thus possibly losing its uniqueness. For
practical purposes this shouldn't be a problem because the proxy server
wipes out stale mappings (by default every 60 seconds).
- The proxy server reads replies from the SSH channel and maps the
GXID back to the original XID. If there is no mapping for a given
GXID in the list, the reply is silently dropped.
- The client receives the correct reply from the proxy server.
---clip---clip---clip---
It seems that you need to start a different ssh (rpc proxy) client on the
RPC server in advance for every RPC client, and the RPC client should
start the ssh server before the client tries to connect.
More problems arise when a client goes down, since the ssh connection
is TCP.
On ftp://ftp.tu-chemnitz.de/pub/Local/informatik/sec_rpc/NIS/README.NIS
there are some notes on RPC server crashes, but not on client problems.
Am I wrong?
ciao
- Claudio
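As an added illustration (not part of this post or of the sec_rpc code), here is a Python model of the proxy server's XID mapping table as the README describes it: GXIDs drawn from a wrapping 32-bit counter, a reference counter per mapping capped at a user-set limit so that superfluous retransmissions are not forwarded, replies with an unknown GXID dropped, and stale mappings wiped on a timer. Identifying real clients by their localhost address, the reply and request byte layout beyond the leading XID, and removing mappings only by the timer sweep are assumptions of this model.

```python
import time

XID_MAX = 2**32 - 1  # the GXID counter wraps to zero after this value


class XidMapper:
    """Proxy-server side of the XID <-> GXID mapping described in README.RPC.
    This is a model written for this page, not the sec_rpc source. Real clients
    behind the proxy are told apart by their localhost address (assumed)."""

    def __init__(self, retransmit_limit=1, stale_after=60.0, clock=time.monotonic):
        self.limit = retransmit_limit    # user-set upper limit on the reference counter
        self.stale_after = stale_after   # idle mappings older than this get wiped
        self.clock = clock
        self.next_gxid = 0
        self.by_key = {}    # (client_addr, xid) -> gxid
        self.by_gxid = {}   # gxid -> [client_addr, xid, refcount, last_used]

    def outbound(self, client_addr, request):
        """Rewrite a client request's XID with a GXID. Returns the message to send
        over the SSH channel, or None when the limit stops a retransmission."""
        xid = int.from_bytes(request[:4], "big")   # ONC RPC: XID is the first 4 bytes
        key = (client_addr, xid)
        gxid = self.by_key.get(key)
        if gxid is None:                           # first copy of this request
            gxid = self.next_gxid
            self.next_gxid = (self.next_gxid + 1) & XID_MAX
            self.by_key[key] = gxid
            self.by_gxid[gxid] = [client_addr, xid, 0, self.clock()]
        entry = self.by_gxid[gxid]
        if entry[2] >= self.limit:
            return None                            # superfluous retransmission, not forwarded
        entry[2] += 1
        entry[3] = self.clock()
        return gxid.to_bytes(4, "big") + request[4:]   # retransmissions keep the same GXID

    def inbound(self, reply):
        """Map a reply's GXID back to the client's XID. Returns
        (client_addr, reply_for_client), or None when the GXID is unknown (dropped)."""
        gxid = int.from_bytes(reply[:4], "big")
        entry = self.by_gxid.get(gxid)
        if entry is None:
            return None
        return entry[0], entry[1].to_bytes(4, "big") + reply[4:]

    def expire_stale(self):
        """Wipe mappings idle longer than stale_after (the README's periodic sweep)."""
        now = self.clock()
        for gxid, (client_addr, xid, _, last_used) in list(self.by_gxid.items()):
            if now - last_used > self.stale_after:
                del self.by_gxid[gxid], self.by_key[(client_addr, xid)]
```

Two clients reusing the same XID get distinct GXIDs, so the real server sees one virtual client; with the limit set to one, a second copy of a request is never forwarded.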