From Linux NFS
(Difference between revisions)
Revision as of 07:25, 28 July 2005
Code Audit
| ID
| test
| tool test
| status
| owner
| notes
|
| V.A.1
| Audit the NFSv4 server code
|
| New
|
|
|
| V.A.2
| Audit the NFSv4 client code
|
| New
|
|
|
| V.A.3
| Audit the rpcbind / portmap code
|
| New
|
|
|
| V.A.4
| Audit the krb5 code
|
| DONE
|
| Assuming MIT krb5 libs are already reviewed
|
| V.A.5
| Audit the idmapd code
|
| New
|
|
|
| V.A.6
| Audit the mountd
|
| New
|
|
|
| V.A.7
| Audit the RPC authentication code (gssd, authsys, etc.)
|
| New
|
|
|
Security regression testing
| ID
| test
| tool test
| status
| owner
| notes
|
| V.B.1
| Run Stanford/Coverity Checker periodically
|
| New
|
|
|
| V.B.2
| Run SMATCH as regression test periodically
|
| New
|
|
|
| V.B.3
| Run FlawFinder as regression test periodically
|
| New
|
|
|
| V.B.4
| Run Sparse as regression test periodically
|
| Open
| OSDL
|
|
Administration tools
| ID
| test
| tool test
| status
| owner
| notes
|
| V.C.1
| Verify that only administrative users can access admin tools and config files
|
| New
|
| Perhaps run this in a test suite
|
Security features design review
| ID
| test
| tool test
| status
| owner
| notes
|
| V.D.1
| Review Authentication/ACL feature design
|
| New
|
| U Mich has done some NFS2/3 ACL testing 10/04
|
| V.D.2
| Review each security flavor feature design
Krb5
Spkm3
|
| New
|
|
|
| V.D.3
| Review security negotiation feature design
|
| New
|
| Still needs some implementation work
|
| V.D.4
| Review named attributes feature design
|
| New
|
| Still needs some implementation work
|
| V.D.5
| Review supporting advanced security flavors on the callback channel design
|
| New
|
| Still needs some implementation work
|
| V.D.6
| Penetration testing for client callback implementation
|
| New
|
|
|
Security feature testing
| ID
| test
| tool test
| status
| owner
| notes
|
| V.E.1
| Ensure a functionality test sufficiently tests Authentication/ACL
|
| New
|
|
| V.E.2
| Ensure a functionality test sufficiently covers each security flavor
Krb5
Spkm3
|
| New
|
|
|
| V.E.3
| Ensure a functionality test sufficiently covers security negotiation
|
| New
|
|
|
| V.E.4
| Ensure a functionality test sufficiently covers named attributes
|
| New
|
|
|
| V.E.5
| Ensure a functionality test sufficiently covers advanced security flavors on callback channel
|
| New
|
|
|
| V.E.6
| Ensure a functionality test sufficiently covers penetration testing for client callback implementation
|
| New
|
|
|
Attack and penetration security review
| ID
| test
| tool test
| status
| owner
| notes
|
| V.F.1
| Identify security issues assuming attack from client-side
|
| Open
| Bull
| Bull planning on creating a list of issues in 2005
NFSv4 client
Denial of service
Userland daemons
Mount and other nfs utils
|
| V.F.2
| Identify security issues assuming attack from server-side
|
| Open
| Bull
| Bull planning on creating a list of issues in 2005
|
| V.F.3
| Identify security/privacy issues assuming listening by an active or passive third party
|
| Open'
| Bull
| Bull planning on creating a list of issues in 2005
|
Cross realm
| ID
| test
| tool test
| status
| owner
| notes
|
| V.G.1
| Two v4 domains; kerberos, ACLs in one realm; file system in another
|
| New
|
| Still experimental
|
Documentation for testing/auditing
| ID
| test
| tool test
| status
| owner
| notes
|
| V.H.1
| Ensure there is high level design documentation of NFSv4 security
Start with Bruce's paper
Security mechanisms
Client responsibilities
Server responsibilities
|
| New
|
|
|
| V.H.2
| Ensure there is inline documentation for security related code in kernel
|
| New
|
|
|
| V.H.3
| Ensure there is inline documentation for GSS API (libgssapi, librpcsecgss)
|
| New
|
|
|
| V.H.4
| Ensure there is inline documentation for nfsv4 libraries
|
| New
|
|
|
Security use case
| ID
| test
| tool test
| status
| owner
| notes
|
| V.I.1
| Verify proper functionality/security correctness of NFSv4 in a VPN environment
|
| New
|
| Venkat will write use case
|
