Re: [PATCH 0/2] Make libtirpc work with old style portmapper

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sep 7, 2010, at 4:58 PM, Olaf Kirch wrote:

> On Tuesday 07 September 2010 17:36:58 Chuck Lever wrote:
>> Probably not a bad idea.  But I thought this was a problem for applications
>> that are calling rpcb_{un,}set(3t), not apps that are invoking the legacy
>> variants.  How does this new patch address the problem?
> 
> No, it's a problem with legacy apps calling pmap_set/unset. They simply
> stop working if you use pmap_set + libtirpc + portmap.

I think the crux of the problem is the latter half: libtirpc + portmap.

>> What happens if you try the other way around: try the AF_UNIX mechanism
>> first, then the legacy mechanism?  It's arguable that any application
>> calling the pmap_{un,}set(3t) interface would likely expect the old
>> behavior anyway, but could probably benefit from the additional security
>> if rpcbind, rather than portmap, is running locally.
> 
> I don't think apps coded to the old pmap_* interface will benefit
> in any way from the new security model. These services expect a
> root/non-root split of privilege, and that's what they get with
> PMAP_SET/UNSET, no matter whether they talk to rpcbind or portmap.

I haven't thought carefully about it, but that's probably correct.

>>  1.  rpcb_{un,}set(3t) need to work whether rpcbind or portmapper are
>> running 2.  pmap_{un,}set(3t) should still invoke rpcb_{un,}set(3t) under
>> the covers to ensure they get advanced security when available
>> 
>> This is because you can build legacy apps against libtirpc (which want
>> robust pmap_{un,}set(3t) no matter which portmapper is running), but you
>> can also construct TI-RPC enabled apps that may be running on a system
>> with only portmap (which want robust rpcb_{un,}set(3t)).  So I think you
>> have to fix both APIs.
> 
> The latter is a problem indeed, and I guess we need to fix it as well.
> The one that I wanted to address first and foremost is applications
> using the legacy API

Yes, I agree both are a problem.  The "rpcb_{un,}set(3t) + TI-RPC-enabled application running on a host with only portmap running" was the problem that was reported to me (twice, separately) a while ago.

-- 
chuck[dot]lever[at]oracle[dot]com




--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux