[OpenAFS-devel] Lockdown for VL and VOL RPC interfaces for
non-authenticated user (was: Authorization Checks for VL and VOL RPC
interfaces)
Benjamin Kaduk
kaduk@MIT.EDU
Sat, 15 Mar 2014 19:50:38 -0400 (EDT)
On Sat, 15 Mar 2014, Gergely Risko wrote:
> I also found this issue today and this bothers me a bit, so I'd like to
> ask if there are any arguments against doing something very simple right
> now:
I do not know of any arguments against doing the easy simple things.
> If I volunteer to create the patchsets needed for this proposal, is
> there willingness to review and merge them?
I expect that review could be obtained. Some amount of prodding in gerrit
might be necessary, but sometimes that's true regardless of the nature of
a patch.
Not being a gatekeeper, I cannot speak to willingness to merge, but I
believe that if code implements a useful feature and has had sufficient
review, it can get merged.
> Also, are there any other RPCs in other services with significant
> information leakage? I played around with the PR ACLs, but PR_ListEntry
> seems to be protected now (when using s---- fields), but is there
> something maybe in fileserver?
I can't answer this off the top of my head.
-Ben Kaduk