RE: [nfs-utils] [PATCH 0/3] rpc.mountd: fix some vulnerabilities

[Strösser, Bodo <bodo.stroesser@xxxxxxxxxxxxxx>]

Thank you for your thorough work.

Bodo

> -----Original Message-----
> From: Steve Dickson [mailto:SteveD@xxxxxxxxxx]
> Sent: Wednesday, November 12, 2014 7:57 PM
> To: Strösser, Bodo; neilb@xxxxxxx; linux-nfs@xxxxxxxxxxxxxxx
> Cc: bfields@xxxxxxxxxxxx
> Subject: Re: [nfs-utils] [PATCH 0/3] rpc.mountd: fix some vulnerabilities
> 
> 
> 
> On 11/05/2014 03:21 PM, bstroesser@xxxxxxxxxxxxxx wrote:
> > Hello,
> >
> > I'm sending a small set of 3 patches for a problem, that I have
> > reported a few weeks ago.
> > rpc.mountd can be blocked by a bad client, that sends lots of
> > RPC requests, but never reads the replies from the socket either
> > intentionally or e.g. caused by a wrong configured MTU.
> >
> > While looking for a possible solution, I found another weakness
> > in rpc.mountd if it is used "multithreaded" (-t nn).
> >
> > The first two patches fix that weakness in the case of !HAVE_LIBTIRPC
> > and HAVE_LIBTIRPC.
> > The third patch more a kind of suggestion how the main problem could
> > be fixed. I don't know whether we can set MAXREC without causing
> > new troubles. When this patch is used, a  further patch for libtirpc
> > also should be used. You can find it here:
> >     http://sourceforge.net/p/libtirpc/mailman/libtirpc-devel/?viewmonth=201409
> After applying all three patches, the DOS does stop... All three committed!
> Nice work! Thank you... very much!!
> 
> steved.
> 
> >
> > Best regards,
> > Bodo
> > N‹§²æìr¸›yúèšØb²X¬¶Ç§vØ^–
> )Þº{.nÇ+‰·¥Š{±?û"žØ^n‡r¡ö¦zË?ëh™¨è­Ú&¢ø®G«?éh®(­éšŽŠÝ¢j"?ú¶m§ÿï?êäz¹Þ–
> Šàþf£¢·hšˆ§~ˆmml==
> >
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html