Subject: Re: NFS and privileged ports
To: Jonathan Stone <jonathan@dsg.stanford.edu>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-net
Date: 11/08/2004 23:36:46
On Mon, Nov 08, 2004 at 07:44:48PM -0800, Jonathan Stone wrote:
> In message <20041109030840.GA879@panix.com> Thor Lancelot Simon writes
> 
> >Why should your use case take precedence over mine?
> 
> Thor, 
> 
> Partly from curiosity, partly devil's-advocate:
> 
> Suppose NetBSD supported NFS with GSSAPI authentication (also
> sometimes called "secure NFS"), and you had local /etc/krb5.keytab
> files with tickets on your clients (for root to do mounts at
> boot-time) and server (to authenticate the server to clients). Suppose
> further that this hypothetical NFS used opencrypto(9), with support
> for ~cheap accelerators.
> 
> How would that meet your needs?

Given infinite resources, it would meet them fine.  But in
practice, I think that though *tremendously* useful, it would be most
useful in environments other than the ones where I really care about
NFS, which are clusters or other homogenous (or near-homogenous)
systems where NFS traffic is carried over a private interconnect
and all kernels enforce the same, consistent security policy.

In that environment, why shouldn't I be able to trust my private NFS
interconnect just as I trust the PCI bus of a single node?  Why should
I pay any crypto penalty at all when preserving our _current_ security
model for NFS gives me what I need at no computational cost?

What Jason and Bill are proposing would be a _regression_ in security
for a default NetBSD installation in environments like the ones I am
discussing: in environments where systems run the same NetBSD kernel,
have the same user database, executables, and filesystem permissions,
and where the network is physically secure.

There are more than a few NetBSD systems in such environments.  Why
should we consider it okay to give them a security downgrade with our
next release?

-- 
 Thor Lancelot Simon	                                      tls@rek.tjls.com
   But as he knew no bad language, he had called him all the names of common
 objects that he could think of, and had screamed: "You lamp!  You towel!  You
 plate!" and so on.              --Sigmund Freud