NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
misc/58114: amd(8) security model isn't clear
>Number: 58114
>Category: misc
>Synopsis: amd(8) security model isn't clear
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: misc-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Apr 04 21:00:00 +0000 2024
>Originator: Taylor R Campbell
>Release: current
>Organization:
The NfsAMD Foundation
>Environment:
spitting hail, sleet, and wind at me
>Description:
The security model of amd(8) is unclear:
- What is amd(8) exposed to when you launch it?
=> Privileged processes, presumably.
=> Unprivileged processes when when they try to follow automounted directories?
=> Unprivileged processes via amq(8)?
=> Remote network access?
- How is access controlled?
=> Are there any fixed port numbers that can be firewalled?
=> Can the operator specify a fixed port number that can be firewalled?
The man pages and NetBSD guide should both explain this.
>How-To-Repeat:
man amd, get confused
>Fix:
Yes, please!
Home |
Main Index |
Thread Index |
Old Index