Re: [PATCH] cifs: handle termination of cifs oplockd kernel thread

From: Miklos Szeredi
Date: Sat Apr 30 2005 - 12:26:20 EST


> But you bring up an interesting point about security policy. For
> the case of evil user trying to mount to evil server (e.g. one under
> evil user's control), in one sense it is no different than allowing
> a user to mount an evil cdrom or usb storage device with evil
> contens - a device which may contain specially crafted data (file
> and directory contents and metadata) designed to crash the system,
> but there is a difference - for network filesystems the server also
> can delay the responses, throw away the responses or corrupt the
> frame headers (this can just as often happen due to buggy network
> hardware and routers too).

There's another difference. Mounting a cdrom or usb stick needs
_physical_ access to the machine in question. If you have physical
access you don't need to craft special filesystems to crash the
machine, just pull out the plug from the wall.

So network/userspace filesystems which allow the user to mount an
arbitrary server should be _extra_ careful to verify data from the
server. Otherwise they can remotely crash the machine or gain
elevated privileges.

Miklos

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/