| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 2 Aug 2007 12:05:36 -0400 From: "J. Bruce Fields" <bfields@...ldses.org> To: Jeff Layton <jlayton@...hat.com> Cc: nfs@...ts.sourceforge.net, linux-kernel@...r.kernel.org, Stefan Walter <stefan.walter@....ethz.ch> Subject: Re: [NFS] rpc.mountd crashes when extensively using netgroups On Thu, Aug 02, 2007 at 11:32:55AM -0400, Jeff Layton wrote: > On Tue, 31 Jul 2007 10:48:24 -0400 > "J. Bruce Fields" <bfields@...ldses.org> wrote: > > That's an interesting problem. Thanks for the report! > > > > I don't believe that long comma-delimited string actually has any > > meaning to the kernel--as far as the kernel is concerned, it's just an > > opaque object that will be passed back to mountd later (along with a > > path name) to get export options. > > > > So I suppose that string could be replaced by a hash, or maybe even just > > by the ip address of the particular host--the disadvantage to the latter > > being that it would require the kernel to keep a separate export for > > each client address. > > I started having a look at this today. The original patches that I > proposed to clean up the rmtab a few months ago also eliminated this > comma-delimited string. Neil had valid objections to it at the time, > but if we switched to using the IP address as a cache key like Bruce > describes then doing that becomes more reasonable. > > The only downside I see is the one Bruce points out -- the size of > the kernel export cache would increase. I don't have a feel for whether > this is a show stopper, however. Yeah, there might be some risk of solving that problem at the expense of people with tons of clients all matching *.example.com. The actual export objects are actually pretty small--68 bytes, last I checked? You'd also need two upcalls to mountd per client (for ip address and export, as opposed to just ip address). I don't know what other costs there might be. What about the idea of hashing the comma-delimited list and passing that? You'd want hash large enough to be collision-free--might as well use some cryptographic hash, I guess, though it may be mild overkill. Is there any reason why that wouldn't work? Could you remind me what problems you were trying to fix with your rmtab cleanup? --b. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists