[linux-cifs-client] [PATCH] cifs.upcall: make using ip address conditional on new option

Jeff Layton jlayton at redhat.com
Wed Aug 26 06:35:21 MDT 2009


On Wed, 26 Aug 2009 08:02:59 -0400
simo <idra at samba.org> wrote:

> On Wed, 2009-08-26 at 06:29 -0400, Jeff Layton wrote:
> > On Wed, 19 Aug 2009 13:30:37 -0400
> > Jeff Layton <jlayton at redhat.com> wrote:
> > 
> > > Igor Mammedov pointed out that reverse resolving an IP address to get
> > > the hostname portion of a principal could open a possible attack
> > > vector. If an attacker were to gain control of DNS, then he could
> > > redirect the mount to a server of his choosing, and fix the reverse
> > > resolution to point to a hostname of his choosing (one where he has
> > > the key for the corresponding cifs/ or host/ principal).
> > > 
> > > That said, we often trust DNS for other reasons and it can be useful
> > > to do so. Make the code that allows trusting DNS to be enabled by
> > > adding --trust-dns to the cifs.upcall invocation.
> > > 
> > > Signed-off-by: Jeff Layton <jlayton at redhat.com>
> > > ---
> > >  client/cifs.upcall.c |   62 ++++++++++++++++++++++++++++++++-----------------
> > >  1 files changed, 40 insertions(+), 22 deletions(-)
> > > 
> > 
> > Pushed to samba master branch (along with a corresponding manpage update).
> 
> We discussed this a few times in the past, I have no objections to the
> patch, I am only wondering if the default shouldn't be reversed and make
> only paranoid people disable it ?
> 

*shrug*

The attack vector is a little contrived, but it is valid. When in
doubt, it's probably best to make the safest option the default and
require a conscious step to lower security.

-- 
Jeff Layton <jlayton at redhat.com>


More information about the linux-cifs-client mailing list