Matrix security section

From Linux NFS

Jump to: navigation, search

Contents

Code Audit

ID test tool test status owner notes
V.A.1 Audit the NFSv4 server code New
V.A.2 Audit the NFSv4 client code New
V.A.3 Audit the rpcbind / portmap code New
V.A.4 Audit the krb5 code DONE Assuming MIT krb5 libs are already reviewed
V.A.5 Audit the idmapd code New
V.A.6 Audit the mountd New
V.A.7 Audit the RPC authentication code (gssd, authsys, etc.) New

Security regression testing

ID test tool test status owner notes
V.B.1 Run Stanford/Coverity Checker periodically New
V.B.2 Run SMATCH as regression test periodically New
V.B.3 Run FlawFinder as regression test periodically New
V.B.4 Run Sparse as regression test periodically In Progress OSDL Data is reported for CITI kernels; need to understand how to analyze it

Administration tools

ID test tool test status owner notes
V.C.1 Verify that only administrative users can access admin tools and config files New Perhaps run this in a test suite

Security features design review

ID test tool test status owner notes
V.D.1 Review Authentication/ACL feature design New U Mich has done some NFS2/3 ACL testing 10/04
V.D.2 Review each security flavor feature design

Krb5
Spkm3

New
V.D.3 Review security negotiation feature design New Still needs some implementation work
V.D.4 Review named attributes feature design New Still needs some implementation work
V.D.5 Review supporting advanced security flavors on the callback channel design New Still needs some implementation work
V.D.6 Penetration testing for client callback implementation New

Security feature testing

ID test tool test status owner notes
V.E.1 Ensure a functionality test sufficiently tests Authentication/ACL New
V.E.2 Ensure a functionality test sufficiently covers each security flavor

Krb5
Spkm3

New
V.E.3 Ensure a functionality test sufficiently covers security negotiation New
V.E.4 Ensure a functionality test sufficiently covers named attributes New
V.E.5 Ensure a functionality test sufficiently covers advanced security flavors on callback channel New
V.E.6 Ensure a functionality test sufficiently covers penetration testing for client callback implementation New

Attack and penetration security review

ID test tool test status owner notes
V.F.1 Identify security issues assuming attack from client-side Open Bull Bull planning on creating a list of issues in 2005

NFSv4 client Denial of service Userland daemons Mount and other nfs utils

V.F.2 Identify security issues assuming attack from server-side Open Bull Bull planning on creating a list of issues in 2005
V.F.3 Identify security/privacy issues assuming listening by an active or passive third party Open' Bull Bull planning on creating a list of issues in 2005

Cross realm

ID test tool test status owner notes
V.G.1 Two v4 domains; kerberos, ACLs in one realm; file system in another New Still experimental

Documentation for testing/auditing

ID test tool test status owner notes
V.H.1 Ensure there is high level design documentation of NFSv4 security

Start with Bruce's paper
Security mechanisms
Client responsibilities
Server responsibilities

New
V.H.2 Ensure there is inline documentation for security related code in kernel New
V.H.3 Ensure there is inline documentation for GSS API (libgssapi, librpcsecgss) New
V.H.4 Ensure there is inline documentation for nfsv4 libraries New

Security use case

ID test tool test status owner notes
V.I.1 Verify proper functionality/security correctness of NFSv4 in a VPN environment New Venkat will write use case
Personal tools