> On Oct 20, 2021, at 12:37 PM, Olga Kornievskaia <olga.kornievskaia@xxxxxxxxx> wrote:
>
> On Wed, Oct 20, 2021 at 11:54 AM J. Bruce Fields <bfields@xxxxxxxxxxxx> wrote:
>>
>> knfsd has supported server-to-server copy for a couple years (since
>> 5.5). You have set a module parameter to enable it. I'm getting asked
>> when we could turn that parameter on by default.
>>
>> I've got a couple vague criteria: one just general maturity, the other a
>> security question:
>>
>> 1. General maturity: the only reports I recall seeing are from testers.
>> Is anyone using this? Does it work for them? Do they find a benefit?
>> Maybe we could turn it on by default in one distro (Fedora?) and promote
>> it a little and see what that turns up?
>>
>> 2. Security question: with server-to-server copy enabled, you can send
>> the server a COPY call with any random address, and the server will
>> mount that address, open a file, and read from it. Is that safe?
>
> How about adding a piece then on the server (a policy) that would only
> control that? The concept behind the server-to-server was that servers
> might have a private/fast network between them that they would want to
> utilize. A more restrictive policy could be to only allow predefined
> network space to do the COPY? I know that's more work. But sounds like
> perhaps it might be something that provides more control to the
> server.
>
> But as Chuck pointed out perhaps the kerberos piece would make this
> concern irrelevant.

I like the idea of having a server-side policy setting that controls
whether s2sc is permitted, and maybe establishes a range of IP addresses
allowed to be destination servers.

--
Chuck Lever
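
A sketch of the address-range policy discussed in this thread, as an added example that is not part of the original messages and is not knfsd code: it strictly parses an RFC 5665 IPv4 universal address ("h1.h2.h3.h4.p1.p2") of the kind a COPY call could name and checks it against an allowlist of networks, failing closed on malformed input. The `s2sc_*` names and the allowlist entries are hypothetical and constructed for illustration; IPv6 and hostname forms are out of scope here.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical policy entry: an IPv4 network and its prefix length. */
struct s2sc_net { uint32_t net; int prefix; };

/* Constructed allowlist standing in for a private inter-server network. */
static const struct s2sc_net s2sc_allowed[] = {
    { 0x0A140000u, 16 },  /* 10.20.0.0/16 */
    { 0xC0A83200u, 24 },  /* 192.168.50.0/24 */
};

/* Parse "h1.h2.h3.h4.p1.p2"; returns 0 on success, -1 if malformed. */
static int s2sc_parse_uaddr(const char *s, uint32_t *ip, uint16_t *port)
{
    unsigned int f[6];
    int i;

    for (i = 0; i < 6; i++) {
        unsigned int v = 0, digits = 0;

        while (*s >= '0' && *s <= '9' && digits < 3) {
            v = v * 10 + (unsigned int)(*s++ - '0');
            digits++;
        }
        if (digits == 0 || v > 255)
            return -1;
        /* Fields are dot-separated; the sixth must end the string. */
        if (*s++ != (i < 5 ? '.' : '\0'))
            return -1;
        f[i] = v;
    }
    *ip = (f[0] << 24) | (f[1] << 16) | (f[2] << 8) | f[3];
    *port = (uint16_t)((f[4] << 8) | f[5]);
    return 0;
}

/* Returns 1 only if the address parses and lies in an allowed network. */
static int s2sc_addr_allowed(const char *uaddr)
{
    uint32_t ip, mask;
    uint16_t port;
    size_t i;

    if (s2sc_parse_uaddr(uaddr, &ip, &port) != 0)
        return 0;  /* fail closed on anything unparseable */
    for (i = 0; i < sizeof(s2sc_allowed) / sizeof(s2sc_allowed[0]); i++) {
        int p = s2sc_allowed[i].prefix;

        mask = p == 0 ? 0 : 0xFFFFFFFFu << (32 - p);
        if ((ip & mask) == s2sc_allowed[i].net)
            return 1;
    }
    return 0;
}
```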