On Fri, 2005-06-24 at 12:42, Roland Dreier wrote: > Thomas> But that's totally and completely insecure. The goal of > Thomas> /etc/exports is to place at least part of the client > Thomas> authentication in the network rather than the supplied > Thomas> credentials. NFS has quite enough of a history with > Thomas> AUTH_SYS to prove the issues there. Some of the exports > Thomas> options (e.g. the *_squash ones) are specifically because > Thomas> of this. > > ATS is completely insecure too, right? A client can create any old > service record in the subnet administrator's database and claim that > its GID has whatever IP address it wants.
The first level of IB trust in terms of the SA (authenticaing the requestor) is restrictions based on access (partitioning). This is true for a number of SA attributes which is more than (just) ServiceRecords. But we do trust the kernel, right ? So the only issue would be user space creation and deletion of these records. There could be checking in the kernel as to the registration/deregistration being appropriate for the configuration. I think this is the same issue whatever way it is done (whether by SRs or CM private data). -- Hal _______________________________________________ openib-general mailing list openib-general@openib.org http://openib.org/mailman/listinfo/openib-general To unsubscribe, please visit http://openib.org/mailman/listinfo/openib-general
