| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <172849928289.133472.12075054007922427149.b4-ty@oracle.com>
Date: Wed, 9 Oct 2024 14:41:59 -0400
From: cel@...nel.org
To: Jeff Layton <jlayton@...nel.org>,
Neil Brown <neilb@...e.de>,
Olga Kornievskaia <okorniev@...hat.com>,
Dai Ngo <Dai.Ngo@...cle.com>,
Tom Talpey <tom@...pey.com>,
Pali Rohár <pali@...nel.org>
Cc: Chuck Lever <chuck.lever@...cle.com>,
linux-nfs@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT
From: Chuck Lever <chuck.lever@...cle.com>
On Sat, 05 Oct 2024 18:40:39 +0200, Pali Rohár wrote:
> Currently NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT do not bypass
> only GSS, but bypass any method. This is a problem specially for NFS3
> AUTH_NULL-only exports.
>
> The purpose of NFSD_MAY_BYPASS_GSS_ON_ROOT is described in RFC 2623,
> section 2.3.2, to allow mounting NFS2/3 GSS-only export without
> authentication. So few procedures which do not expose security risk used
> during mount time can be called also with AUTH_NONE or AUTH_SYS, to allow
> client mount operation to finish successfully.
>
> [...]
Applied to nfsd-next for v6.13, thanks!
[1/1] nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT
commit: fa3d3ae84c5a6e9bd406c9ef75d3128a46cf1109
--
Chuck Lever
Powered by blists - more mailing lists