[nfsv4] Eric Rescorla's Discuss on draft-ietf-nfsv4-xattrs-05: (with DISCUSS)

Eric Rescorla <ekr@rtfm.com> Wed, 24 May 2017 02:30 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: nfsv4@ietf.org
Delivered-To: nfsv4@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 89BDA126B71; Tue, 23 May 2017 19:30:51 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Eric Rescorla <ekr@rtfm.com>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-nfsv4-xattrs@ietf.org, Spencer Shepler <spencer.shepler@gmail.com>, nfsv4-chairs@ietf.org, spencer.shepler@gmail.com, nfsv4@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.51.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <149559305147.28562.14990485255783585477.idtracker@ietfa.amsl.com>
Date: Tue, 23 May 2017 19:30:51 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/nfsv4/vhZFzpoWDDTOvKMnWcoCmPdZNVM>
Subject: [nfsv4] Eric Rescorla's Discuss on draft-ietf-nfsv4-xattrs-05: (with DISCUSS)
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.22
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/nfsv4/>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 May 2017 02:30:52 -0000

Eric Rescorla has entered the following ballot position for
draft-ietf-nfsv4-xattrs-05: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


      Since xattrs are application data, security issues are exactly
      same as those relating to the storing of file data and named
      attributes.  These are all various sorts of application data and
      the fact that the means of reference is slightly different in
      case should not be considered security-relevant.  As such, the
      additions to the NFS protocol for supporting extended attributes
      do not alter the security considerations of the NFSv4.2 protocol

This seems inadequate. The issue is that if machine A writes some
extended attribute which is security relevant (i.e., this file is
only readable under certain conditions) and then machine B doesn't
know about the attribute, then you have a security problem on B
because it will not enforce it. It seems like FreeBSD uses extended
attributes for this purpose, so this isn't just theoretical.