IETF Logo Mail Archive

Re: [nfsv4] draft-quigley-nfsv4-labeled-00 - some comments

Nico Williams <nico@cryptonector.com> Thu, 07 April 2011 15:48 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: nfsv4@core3.amsl.com
Delivered-To: nfsv4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 47B4D28C0D7 for <nfsv4@core3.amsl.com>; Thu, 7 Apr 2011 08:48:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.933
X-Spam-Level:
X-Spam-Status: No, score=-1.933 tagged_above=-999 required=5 tests=[AWL=0.044, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k4g1k6uJg-qA for <nfsv4@core3.amsl.com>; Thu, 7 Apr 2011 08:48:54 -0700 (PDT)
Received: from homiemail-a25.g.dreamhost.com (caiajhbdcbbj.dreamhost.com [208.97.132.119]) by core3.amsl.com (Postfix) with ESMTP id 983443A6A14 for <nfsv4@ietf.org>; Thu, 7 Apr 2011 08:48:54 -0700 (PDT)
Received: from homiemail-a25.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a25.g.dreamhost.com (Postfix) with ESMTP id 0439B678071 for <nfsv4@ietf.org>; Thu, 7 Apr 2011 08:50:28 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc: content-type; q=dns; s=cryptonector.com; b=VNFScXpXKXHXMNRSqYcEH Rce9UxW5nVUiej6kqa41q2E2bZHtcihpH01Gu2HbD+IaPzJCa/qj/2QZGZXftvkA lW+nJd8oCkQ2QQREb3Js8bEutak4djJgzjY4AwhN27rQzw1S/fi/HeFh+PKckhEC /u37YbfLmHMpx8vUr2Ycb4=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=AfLRuFwl1a3hVldcMRhH 7kB/mUQ=; b=L99OdOeP+Ma909rgYoAnIDNIxtT0TXCDdvuhWbCrNQw0AledsEfy 9XP4lMTlg5iDi/biaMbqyXNsNSDmg+sv9WLvYe8/9Sx80Ezo8G8XKvyv6dUl2KQE n9o5AbGw0qBojv6sVVduoPzlFHv00+Lmcclfzas0J3WQN+C5kfj98zk=
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a25.g.dreamhost.com (Postfix) with ESMTPSA id 6738D67808A for <nfsv4@ietf.org>; Thu, 7 Apr 2011 08:50:02 -0700 (PDT)
Received: by vws12 with SMTP id 12so2484096vws.31 for <nfsv4@ietf.org>; Thu, 07 Apr 2011 08:50:01 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.0.200 with SMTP id 8mr1546822vdg.70.1302191401858; Thu, 07 Apr 2011 08:50:01 -0700 (PDT)
Received: by 10.52.157.100 with HTTP; Thu, 7 Apr 2011 08:50:01 -0700 (PDT)
In-Reply-To: <84F89421-B194-4156-A4E6-394F47140384@netapp.com>
References: <4D95842E.70708@oracle.com> <4D95B41C.70509@oracle.com> <7C4DFCE962635144B8FAE8CA11D0BF1E03E5EF1DC2@MX14A.corp.emc.com> <4D9DBC25.7000409@oracle.com> <BANLkTinQ+qtGOeW=_MQbOiCUWdRiPg70hw@mail.gmail.com> <84F89421-B194-4156-A4E6-394F47140384@netapp.com>
Date: Thu, 07 Apr 2011 10:50:01 -0500
Message-ID: <BANLkTikSLwvUsN4AZRjsCPt0mnRdzxsMmQ@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Thomas Haynes <thomas@netapp.com>
Content-Type: text/plain; charset="UTF-8"
Cc: jarrett.lu@oracle.com, Kathleen Moriarty <kathleen.moriarty@emc.com>, nfsv4@ietf.org
Subject: Re: [nfsv4] draft-quigley-nfsv4-labeled-00 - some comments
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2011 15:48:55 -0000

On Thu, Apr 7, 2011 at 10:31 AM, Thomas Haynes <thomas@netapp.com> wrote:
> On Apr 7, 2011, at 9:43 AM, Nico Williams wrote:
>> I think a problem only arises for directory delegations if the server
>> would allow a subject to READDIR a directory while also at the same
>> time hiding some of the directory entries from that subject due to the
>> subject not being authorized to see them.  If we don't allow such
>> behavior then there's no problem.
>>
>
> The problem being of course that the client could create an entry that
> conflicts with a name already on the server?

No, that a user, "joe", on a multi-user client could see an entry
named "Covert operations in Foobania.doc" that he was not allowed to
see but that another user, "jane", on that client was allowed to see.
Conversely, if "joe" was first to readdir that directory then "jane"
won't see that directory entry whereas she should.

The simplest fix is to say that all names in a given directory have
the same label as the directory itself, even though the named objects
themselves might have different labels.

Nico
--

v2.23.0 | Report a Bug | By Email