From Linux NFS
== Code Audit ==
| ID | test | tool test | status | owner | notes |
| V.A.1 | Audit the NFSv4 server code | | New | | |
| V.A.2 | Audit the NFSv4 client code | | New | | |
| V.A.3 | Audit the rpcbind / portmap code | | New | | |
| V.A.4 | Audit the krb5 code | | DONE | | Assuming MIT krb5 libs are already reviewed |
| V.A.5 | Audit the idmapd code | | New | | |
| V.A.6 | Audit the mountd | | New | | |
| V.A.7 | Audit the RPC authentication code (gssd, authsys, etc.) | | New | | |

== Security regression testing ==
| ID | test | tool test | status | owner | notes |
| V.B.1 | Run Stanford/Coverity Checker periodically | | New | | |
| V.B.2 | Run SMATCH as regression test periodically | | New | | |
| V.B.3 | Run FlawFinder as regression test periodically | | New | | |
| V.B.4 | Run Sparse as regression test periodically | | In Progress | OSDL | Data is reported for CITI kernels; need to understand how to analyze it |

== Administration tools ==
| ID | test | tool test | status | owner | notes |
| V.C.1 | Verify that only administrative users can access admin tools and config files | | New | | Perhaps run this in a test suite |

== Security features design review ==
| ID | test | tool test | status | owner | notes |
| V.D.1 | Review Authentication/ACL feature design | | New | | U Mich has done some NFS2/3 ACL testing 10/04 |
| V.D.2 | Review each security flavor feature design: Krb5, Spkm3 | | New | | |
| V.D.3 | Review security negotiation feature design | | New | | Still needs some implementation work |
| V.D.4 | Review named attributes feature design | | New | | Still needs some implementation work |
| V.D.5 | Review supporting advanced security flavors on the callback channel design | | New | | Still needs some implementation work |
| V.D.6 | Penetration testing for client callback implementation | | New | | |

== Security feature testing ==
| ID | test | tool test | status | owner | notes |
| V.E.1 | Ensure a functionality test sufficiently tests Authentication/ACL | | New | | |
| V.E.2 | Ensure a functionality test sufficiently covers each security flavor: Krb5, Spkm3 | | New | | |
| V.E.3 | Ensure a functionality test sufficiently covers security negotiation | | New | | |
| V.E.4 | Ensure a functionality test sufficiently covers named attributes | | New | | |
| V.E.5 | Ensure a functionality test sufficiently covers advanced security flavors on callback channel | | New | | |
| V.E.6 | Ensure a functionality test sufficiently covers penetration testing for client callback implementation | | New | | |

| ID | test | tool test | status | owner | notes |
| V.F.1 | Identify security issues assuming attack from client-side | | Open | Bull | Bull planning on creating a list of issues in 2005. NFSv4 client; Denial of service; Userland daemons; Mount and other nfs utils |
| V.F.2 | Identify security issues assuming attack from server-side | | Open | Bull | Bull planning on creating a list of issues in 2005 |
| V.F.3 | Identify security/privacy issues assuming listening by an active or passive third party | | Open | Bull | Bull planning on creating a list of issues in 2005 |

== Cross realm ==
| ID | test | tool test | status | owner | notes |
| V.G.1 | Two v4 domains; kerberos, ACLs in one realm; file system in another | | New | | Still experimental |

== Documentation for testing/auditing ==
| ID | test | tool test | status | owner | notes |
| V.H.1 | Ensure there is high level design documentation of NFSv4 security: Start with Bruce's paper; Security mechanisms; Client responsibilities; Server responsibilities | | New | | |
| V.H.2 | Ensure there is inline documentation for security related code in kernel | | New | | |
| V.H.3 | Ensure there is inline documentation for GSS API (libgssapi, librpcsecgss) | | New | | |
| V.H.4 | Ensure there is inline documentation for nfsv4 libraries | | New | | |

== Security use case ==
| ID | test | tool test | status | owner | notes |
| V.I.1 | Verify proper functionality/security correctness of NFSv4 in a VPN environment | | New | | Venkat will write use case |