[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [nfsv4] [secdir] draft-ietf-nfsv4-federated-fs-reqts-03

To: Jeffrey Hutzelman <jhutz at cmu.edu>
Subject: Re: [nfsv4] [secdir] draft-ietf-nfsv4-federated-fs-reqts-03
From: Nicolas Williams <Nicolas.Williams at sun.com>
Date: Fri, 2 Oct 2009 14:19:42 -0500
Cc: secdir at ietf.org, Daniel Ellard <dellard at bbn.com>, nfsv4 at ietf.org, Renu Tewari <tewarir at us.ibm.com>, iesg at ietf.org
Delivered-to: nfsv4 at core3.amsl.com
In-reply-to: <65075E890F4E784CD4416173 at atlantis.pc.cs.cmu.edu>
List-archive: <http://www.ietf.org/mail-archive/web/nfsv4>
List-help: <mailto:nfsv4-request@ietf.org?subject=help>
List-id: NFSv4 Working Group <nfsv4.ietf.org>
List-post: <mailto:nfsv4@ietf.org>
List-subscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
References: <1372_1254340959_n8UK2bOg025386_20090930193620.GA902 at Sun.COM> <65075E890F4E784CD4416173 at atlantis.pc.cs.cmu.edu>
User-agent: Mutt/1.5.7i

On Wed, Sep 30, 2009 at 10:31:11PM -0400, Jeffrey Hutzelman wrote:
> --On Wednesday, September 30, 2009 02:36:20 PM -0500 Nicolas Williams 
> <Nicolas.Williams at sun.com> wrote:
> 
> > - A note that orphaned FSNs and FSLs cannot be easily distinguished
> >   from ones referenced by junctions and FSNs, respectively.  Therefore
> >   objects will tend to pile up.  This is a resource consumption
> >   consideration.  Resource control issues are, IMO, a security
> >   consideration.
> 
> I don't think this is a significant problem, or a security problem at all. 
> The fact that, once I have allocated my resources for an object, you might 
> decide to stop having any references to it, does not create a security 
> problem for me.  This is analogous to my publishing a web page, and then 
> you later deciding not to link to it any more.

I agree that orphaning over time is not a security problem.  I was
thinking more of the fact that to authorize someone to publish FSNs/FSLs
in some NSDB is to authorize them to create unlimited amounts of
garbage.  Garbage collection being effectively impossible, the fact that
authorization to publish is also authorization to consume all resources
seems like a problem to me.  One might want to implement resource
controls at NSDBs ("Joe can create FSNs and FSLs in this NSDB, at the
rate of 10 objects per-day" or "Jane can create up to 100 FSNs and FSLs
in this NSDB").

One might also wish to have an optional way to document in an FSN the
paths to junctions that are expected to reference the FSNs  Similarly,
an optional way to document in an FSL the FSNs that are expected to
reference the FSL.  Not that such documentation would be sufficient to
make garbage collection possible; it'd only make it feasible to check
_intended_ references.

Nico
--

Follow-Ups:
- Re: [nfsv4] [secdir] draft-ietf-nfsv4-federated-fs-reqts-03
  - From: Jeffrey Hutzelman

References:
- Re: [nfsv4] [secdir] draft-ietf-nfsv4-federated-fs-reqts-03
  - From: Jeffrey Hutzelman

Prev by Date: Re: [nfsv4] sparse files support for NFS
Next by Date: Re: [nfsv4] [FedFS] meeting agenda (10/1)
Previous by thread: Re: [nfsv4] [secdir] draft-ietf-nfsv4-federated-fs-reqts-03
Next by thread: Re: [nfsv4] [secdir] draft-ietf-nfsv4-federated-fs-reqts-03
Index(es):
- Date
- Thread