IETF Logo Mail Archive

Re: [nfsv4] draft-quigley-nfsv4-labeled-00 - some comments

Nico Williams <nico@cryptonector.com> Thu, 07 April 2011 17:00 UTC

Return-Path: <nico@cryptonector.com>
X-Original-To: nfsv4@core3.amsl.com
Delivered-To: nfsv4@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BD18728C160 for <nfsv4@core3.amsl.com>; Thu, 7 Apr 2011 10:00:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.934
X-Spam-Level:
X-Spam-Status: No, score=-1.934 tagged_above=-999 required=5 tests=[AWL=0.043, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AtdeKbn3rhJk for <nfsv4@core3.amsl.com>; Thu, 7 Apr 2011 10:00:42 -0700 (PDT)
Received: from homiemail-a34.g.dreamhost.com (caiajhbdcbbj.dreamhost.com [208.97.132.119]) by core3.amsl.com (Postfix) with ESMTP id E78DE3A67CF for <nfsv4@ietf.org>; Thu, 7 Apr 2011 10:00:41 -0700 (PDT)
Received: from homiemail-a34.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a34.g.dreamhost.com (Postfix) with ESMTP id BD71A10062 for <nfsv4@ietf.org>; Thu, 7 Apr 2011 10:02:26 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=cryptonector.com; h=mime-version :in-reply-to:references:date:message-id:subject:from:to:cc: content-type; q=dns; s=cryptonector.com; b=K7+/rokKIL34xu/bjtaDW HNGE/CrsjOYZzvPdbOW6TF7OQy2VGxK5Bei1um0jxbUCEJQyjYJNU4ZfJza/7Ekx B0IyI9wSnrz6mHqiiBBaV6TVN/WXG8eerG4aVXGLQ4qo4Vr0miKzsQpQua/2ynY8 iygZtTc46jzmxeNkNm6H4s=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:in-reply-to:references:date:message-id:subject:from :to:cc:content-type; s=cryptonector.com; bh=WzD04QvNJXP2swtD3Vk6 U1T0/f8=; b=rKA/1D+lPE/mLIMcLMaHtLoG5TyMspoG7i0Zi8RqdL2ipAr3aMVl Jj9XjcAIIeHn1vb9YzuKDwGiGE3Qgdvgxm6lUA/gv9HY+yuJfG/Cn/vbV6dj+Bmb ZepK8LC4oizaicJzZq4m748kHxX/eTeAfueAC8D1kCvSsaXal6zmgB4=
Received: from mail-vw0-f44.google.com (mail-vw0-f44.google.com [209.85.212.44]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a34.g.dreamhost.com (Postfix) with ESMTPSA id 9784810058 for <nfsv4@ietf.org>; Thu, 7 Apr 2011 10:02:26 -0700 (PDT)
Received: by vws12 with SMTP id 12so2557249vws.31 for <nfsv4@ietf.org>; Thu, 07 Apr 2011 10:02:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.89.18 with SMTP id bk18mr1627180vdb.270.1302195746031; Thu, 07 Apr 2011 10:02:26 -0700 (PDT)
Received: by 10.52.157.100 with HTTP; Thu, 7 Apr 2011 10:02:25 -0700 (PDT)
In-Reply-To: <0BC91BC7-947D-4AAB-A4F6-530558BB4B52@netapp.com>
References: <4D95842E.70708@oracle.com> <4D95B41C.70509@oracle.com> <7C4DFCE962635144B8FAE8CA11D0BF1E03E5EF1DC2@MX14A.corp.emc.com> <4D9DBC25.7000409@oracle.com> <BANLkTinQ+qtGOeW=_MQbOiCUWdRiPg70hw@mail.gmail.com> <84F89421-B194-4156-A4E6-394F47140384@netapp.com> <BANLkTikSLwvUsN4AZRjsCPt0mnRdzxsMmQ@mail.gmail.com> <0BC91BC7-947D-4AAB-A4F6-530558BB4B52@netapp.com>
Date: Thu, 07 Apr 2011 12:02:25 -0500
Message-ID: <BANLkTin=K6K9WQagFekHFQExZSRLTBO=3A@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Thomas Haynes <thomas@netapp.com>
Content-Type: text/plain; charset="UTF-8"
Cc: jarrett.lu@oracle.com, Kathleen Moriarty <kathleen.moriarty@emc.com>, nfsv4@ietf.org
Subject: Re: [nfsv4] draft-quigley-nfsv4-labeled-00 - some comments
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Apr 2011 17:00:42 -0000

On Thu, Apr 7, 2011 at 11:44 AM, Thomas Haynes <thomas@netapp.com> wrote:
> On Apr 7, 2011, at 10:50 AM, Nico Williams wrote:
>> No, that a user, "joe", on a multi-user client could see an entry
>> named "Covert operations in Foobania.doc" that he was not allowed to
>> see but that another user, "jane", on that client was allowed to see.
>> Conversely, if "joe" was first to readdir that directory then "jane"
>> won't see that directory entry whereas she should.
>>
>> The simplest fix is to say that all names in a given directory have
>> the same label as the directory itself, even though the named objects
>> themselves might have different labels.
>
> But that allows Jane to deduce there were covert operations in Foobania.
> She might even be able to see the date and based on the size, deduce
> how many operations or how large of an operation it was.

Not so.  The classification officer might move or create that document
in a sub-directory with a harmless name.  Of course, if one were to do
that one might as well rely on the Solaris TX approach of mapping
paths to labels...

> If the client is MAC aware, then I would argue that it needs to maintain
> separate name spaces for all users. If the client is non-MAC aware, then
> it has to consistently get the minimum label afforded to it.

That's one approach, yes.

> I.e., the MAC aware server has to assume that the aware client can safely
> hand out directory entries based on labels, but it also has to assume that
> the non-aware client cannot mix and match different labels.

I'd rather the server make authorization decisions based on labels.
Consider Smack... the server might have policies that the client
doesn't, so I'd want the client to call ACCESS for all distinct
process credentials trying to access an object.

Nico
--

v2.23.0 | Report a Bug | By Email