Simo Sorce wrote:

> The attached patch adds a new command line switch to rpc.gssd to avoid PTR resolution when possible. The current code *depends* on PTR resolution for GSSAPI authentication and this is *bad*. It imposes an annoying, and unnecessary, constraint on the correctness of DNS resolution, which prevents mounts from working in networks where the PTR record cannot be easily controlled (for example networks where the forward name is reasonable while the PTR is set to some artificial name based on the IP address or so that is not the canonical name, or where no PTR exists at all).
>
> Depending on PTR resolution for GSSAPI is also very bad practice because it opens up DNS spoofing attacks where an attacker can try to redirect a user to the wrong server, fooling mutual authentication, and induce a user to trust improper data or disclose (by copying on the impostor server) data that should be confidential.

What happens if it's a partially qualified domain name? Wouldn't it be better to use something like inet_pton?

I agree that insisting on correct PTR records is a bad idea, but I don't understand your threat model. It shouldn't be possible for an attacker to do anything bad by redirecting the client to a spoof server. If it is possible, we've got bigger problems. How do you think that would work exactly?
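As an added illustration of the inet_pton suggestion above (example code written for this thread, not the attached patch or rpc.gssd's own code), a hypothetical helper that derives the nfs/<host>@REALM principal from the name given on the mount with no reverse lookup at all: IP literals are detected with inet_pton and rejected, names without a dot are flagged as unqualified, and everything else is used as typed. The enum names and the trailing-dot/lowercase handling are assumptions, not behaviour taken from the patch.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical classification of the mount's server name (not rpc.gssd
 * code): decide how to form the service principal without a PTR lookup. */
enum host_kind { HOST_FQDN, HOST_SHORT, HOST_IP_LITERAL };

enum host_kind classify_host(const char *host)
{
    unsigned char buf[sizeof(struct in6_addr)];

    /* inet_pton only accepts a complete numeric address, so a partially
     * qualified name such as "nfs1.corp" or "10.0.0" is never mistaken
     * for an IP literal. */
    if (inet_pton(AF_INET, host, buf) == 1 ||
        inet_pton(AF_INET6, host, buf) == 1)
        return HOST_IP_LITERAL;
    return strchr(host, '.') ? HOST_FQDN : HOST_SHORT;
}

/* Build "nfs/<host>@<realm>" from the name as typed: lowercased, with a
 * trailing root dot removed. Returns 0 on success, -1 when the name is an
 * IP literal (no principal can be derived without reverse resolution),
 * empty, or does not fit in the output buffer. */
int build_nfs_principal(const char *host, const char *realm,
                        char *out, size_t outlen)
{
    char h[256];
    size_t i, n;

    if (classify_host(host) == HOST_IP_LITERAL)
        return -1;
    n = strlen(host);
    if (n && host[n - 1] == '.')
        n--;                      /* "server.example.com." -> drop the dot */
    if (n == 0 || n >= sizeof(h))
        return -1;
    for (i = 0; i < n; i++)
        h[i] = (char)tolower((unsigned char)host[i]);
    h[n] = '\0';
    if (snprintf(out, outlen, "nfs/%s@%s", h, realm) >= (int)outlen)
        return -1;
    return 0;
}
```

A caller that gets -1 for an IP literal has to decide its own fallback, since the whole point of the switch is that the reverse record is not trusted to supply the name.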