| commit | 6aa0f05509ec1b8578021051f83627f4ca296ef8 | |
| author | Jeff Layton <jlayton@redhat.com> | |
| Wed, 14 Oct 2009 15:06:21 +0000 (14 11:06 -0400) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Fri, 16 Oct 2009 13:04:56 +0000 (16 15:04 +0200) | ||
| tree | bfc9fbcb01126d8de87a38a74b80b795714900e3 | treesnapshot (tar.gz zip) |
| parent | 8fed5de25979654baf1c62b0346c725b9c6b6866 | commitdiff |
cifs.upcall: make using ip address conditional on new option
Igor Mammedov pointed out that reverse resolving an IP address to get
the hostname portion of a principal could open a possible attack
vector. If an attacker were to gain control of DNS, then he could
redirect the mount to a server of his choosing, and fix the reverse
resolution to point to a hostname of his choosing (one where he has
the key for the corresponding cifs/ or host/ principal).
That said, we often trust DNS for other reasons and it can be useful
to do so. Make the code that allows trusting DNS to be enabled by
adding --trust-dns to the cifs.upcall invocation.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Igor Mammedov pointed out that reverse resolving an IP address to get
the hostname portion of a principal could open a possible attack
vector. If an attacker were to gain control of DNS, then he could
redirect the mount to a server of his choosing, and fix the reverse
resolution to point to a hostname of his choosing (one where he has
the key for the corresponding cifs/ or host/ principal).
That said, we often trust DNS for other reasons and it can be useful
to do so. Make the code that allows trusting DNS to be enabled by
adding --trust-dns to the cifs.upcall invocation.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
| docs-xml/manpages-3/cifs.upcall.8.xml | diffblobblamehistory | |
| source/client/cifs.upcall.c | diffblobblamehistory |