[Cluster-devel] Re: [NFS] [PATCH 0/3] NLM lock failover

Wendy Cheng wcheng at redhat.com
Fri Aug 4 14:56:02 UTC 2006


On Fri, 2006-08-04 at 09:27 -0400, Wendy Cheng wrote:
> On Fri, 2006-08-04 at 19:27 +1000, Greg Banks wrote:
> > On Tue, 2006-08-01 at 11:55, Wendy Cheng wrote:
> > > o The nfs-utils config flag RESTRICTED_STATD must be off for NLM
> > >   failover to function correctly.
> > 
> > That would reopen this ancient security hole:
> > 
> > http://www.cert.org/advisories/CA-99-05-statd-automountd.html
> > 
> > which might not be the best of ideas.
> > 
> 
> OK, thanks! I'll look into this. But I believe nfs-utils-1.0.8-rc4 has
> this off by default?
> 

Anyway, better be conservative than sorry - I think we want to switch to
the "fsid" approach to avoid messing with these networking issues, including
IPv6 modification. That is, we use fsid as the key to drop the lock and
set a per-fsid NLM grace period. The ha-callout will have a 4th argument
(fsid) when invoked.

-- Wendy





