[68] in linux-security and linux-alert archive
Re: Safe NFS outline
daemon@ATHENA.MIT.EDU (Thomas Koenig)
Wed Mar 8 17:42:42 1995
To: linux-security@tarsier.cv.nrao.edu
Date: Wed, 8 Mar 1995 18:31:16 +0100 (MET)
In-Reply-To: <m0rmOae-0004i6C@[192.77.155.4]> from "Raul Miller" at Mar 8, 95 11:28:00 am
From: Thomas.Koenig@ciw.uni-karlsruhe.de (Thomas Koenig)
Reply-To: linux-security@tarsier.cv.nrao.edu
>
> Hmm...
>
> (1) say something about the life time of a pass-key (e.g. up to an
> hour, or the drop of a hat -- whichever comes first). With a modicum
> of network security, you should only need pass-keys for the mount
> points. You'll need a challenge/response mechanism in the secure nfs
> clients anyways..
I think this is incompatible with existing client implementations.
NFS is supposed to be stateless even across a server crash, and
a handle is supposed to stay valid forever.
The proposal I presented is specifically aimed at compatibility
with existing clients (who only need to worry about the NFS
file handle, which is opaque to them). Redesigning NFS is a
bigger task, which Sun may already have done with revision 3
of the protocol (which I haven't read).
> (2) make the maximum number of simultaneous pass-keys for file system
> configurable by the nfs administrator. That's more of a local policy
> issue than a communications standard.
Yes, this makes sense.
Thomas
