[Labeled-nfs] Labeled RPC & NFS

Dave Quigley dpquigl at tycho.nsa.gov
Mon Jan 14 17:14:52 EST 2008


On Tue, 2008-01-15 at 09:12 +1100, James Morris wrote:
> On Mon, 14 Jan 2008, Matthew N. Dodd wrote:
> 
> > James Morris wrote:
> > > It pretty much needs to "just work".  Enabling MAC on NFS should not mean
> > > having to change authentication schemes, especially to something potentially
> > > less secure.
> > 
> > We're somewhat limited by our inability to inject random context data into the
> > GSS_RPC stream.
> > 
> > As I've mentioned before, even if you solve this the current code caches
> > credential data by UID, which makes it difficult to support processes of
> > differing labels running under the same UID.
> > 
> > Now, we could bump RPC_GSS_VERSION, add a flags field and TLVs to hold the
> > label, but that involves a whole lot of buy-in.
> > 
> > Solving this up at the NFS layer has its own problems.
> 
> Well, that was the hope.  What are the problems?
> 
Steve brought up a problem with placing this at the NFS protocol level,
and it is this: what stops a random process from opening up a raw socket
and hand-encoding NFS RPC messages to the server? With no auth the
answer is nothing; however, with Kerberos the questions are where does
krb5d store the credentials, who can get access to them, and under what
conditions. There is a krb5cc-$uid file created under tmp which is used
for the credentials cache, and any process that is running as that UID
can access it.

Dave
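
The credential cache exposure described above can be checked on a host. This is an added example, not part of the original post: it lists Kerberos credential caches in a directory and reports owner, mode and any SELinux label on each file. It assumes the MIT default file name krb5cc_<uid> and the security.selinux xattr; `audit_ccaches` and `demo` are names made up here.

```python
import os
import re
import stat
import tempfile

# Assumption: MIT Kerberos' default FILE cache name, /tmp/krb5cc_<uid>;
# the post writes it as krb5cc-$uid, so both separators are accepted.
CCACHE_RE = re.compile(r"^krb5cc[_-](\d+)")

def audit_ccaches(directory="/tmp"):
    """Return one finding dict per credential cache found in `directory`."""
    findings = []
    for name in sorted(os.listdir(directory)):
        m = CCACHE_RE.match(name)
        if not m:
            continue
        path = os.path.join(directory, name)
        st = os.lstat(path)  # lstat: never follow a planted symlink
        issues = []
        if not stat.S_ISREG(st.st_mode):
            issues.append("not a regular file")
        if st.st_uid != int(m.group(1)):
            issues.append("owner differs from UID in name")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            issues.append("accessible beyond owner")
        # DAC compares UIDs only, so every process of st_uid can read this
        # file; a MAC label on the file is the only per-label separation.
        try:
            raw = os.getxattr(path, "security.selinux", follow_symlinks=False)
            label = raw.rstrip(b"\0").decode()
        except (OSError, AttributeError):
            label = None  # no SELinux label, or xattrs unsupported here
        findings.append({"path": path, "uid": st.st_uid,
                         "mode": stat.S_IMODE(st.st_mode),
                         "label": label, "issues": issues})
    return findings

def demo():
    # Constructed sample: two cache files in a scratch directory.
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as d:
        for name, mode in ((f"krb5cc_{uid}", 0o600), (f"krb5cc_{uid + 1}", 0o644)):
            p = os.path.join(d, name)
            open(p, "w").close()
            os.chmod(p, mode)
        return audit_ccaches(d)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A cache with no issues and mode 0600 is still readable by every process running as that UID; only the `label` column says whether MAC policy can tell those processes apart.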


