On 06/22/10 12:33 PM, Steve Dickson wrote:
On 06/22/2010 10:34 AM, Chuck Lever wrote:
Does anybody know who uses SM_SIMU_CRASH and is it
still needed? I'm getting some push back from our
security folks to plug this DoS hole up...
How is it a DoS? statd ignores any SM_SIMU_CRASH from a non-loopback
address that does not use a privileged port. To invoke it, you
basically have to be a privileged local user.
It happens during an ISS scan....
What were the exact results?
Right now, no one uses it, but I think we should reserve the right to
use it in the future. This could be part of a more robust interface
between lockd and statd.
Hmm... how can having a way of bringing down a daemon make it more robust?
SM_SIMU_CRASH is not supposed to bring down statd, it's supposed to
trigger sm-notify. If something else is happening, that's a bug.
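The caller check described in the thread above (loopback source address plus privileged source port), sketched as an added example that is not part of the original messages and is not statd's own code. The function names are hypothetical, and the IPv6 and IPv4-mapped handling goes beyond what the thread states.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical helpers for illustration; none of these names come from nfs-utils. */
static bool v4_loopback(uint32_t host_addr) { return (host_addr >> 24) == 127; } /* 127.0.0.0/8 */
static bool priv_port(uint16_t net_port)
{
    uint16_t p = ntohs(net_port);
    return p != 0 && p < 1024;   /* binding below 1024 needs privilege */
}

/* Accept only a loopback peer that also sent from a privileged port. */
bool simu_crash_caller_ok(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *s4 = (const struct sockaddr_in *)sa;
        return v4_loopback(ntohl(s4->sin_addr.s_addr)) && priv_port(s4->sin_port);
    }
    if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *s6 = (const struct sockaddr_in6 *)sa;
        bool local = IN6_IS_ADDR_LOOPBACK(&s6->sin6_addr);
        if (IN6_IS_ADDR_V4MAPPED(&s6->sin6_addr)) {   /* ::ffff:a.b.c.d */
            uint32_t v4;
            memcpy(&v4, &s6->sin6_addr.s6_addr[12], sizeof v4);
            local = v4_loopback(ntohl(v4));
        }
        return local && priv_port(s6->sin6_port);
    }
    return false;   /* unknown address family: refuse */
}

/* Builds a peer from text (constructed inputs). Returns 1 accept, 0 ignore, -1 bad address. */
int check_peer(const char *ip, uint16_t port)
{
    struct sockaddr_storage ss;
    struct sockaddr_in *s4 = (struct sockaddr_in *)&ss;
    struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)&ss;
    memset(&ss, 0, sizeof ss);
    if (inet_pton(AF_INET, ip, &s4->sin_addr) == 1) {
        s4->sin_family = AF_INET;
        s4->sin_port = htons(port);
    } else if (inet_pton(AF_INET6, ip, &s6->sin6_addr) == 1) {
        s6->sin6_family = AF_INET6;
        s6->sin6_port = htons(port);
    } else {
        return -1;
    }
    return simu_crash_caller_ok((struct sockaddr *)&ss) ? 1 : 0;
}
```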