Subject: Re: nfs optimization and veriexec
To: Brett Lymn <blymn@baesystems.com.au>
From: Elad Efrat <elad@NetBSD.org>
List: tech-security
Date: 12/18/2007 13:28:05
Brett Lymn wrote:

> There are two sides to the NFS equation when it comes to veriexec:
> 
> 1) Server side, this presents some issues because we usually hook into
>    the VOP layer for read/write checking.  Unfortunately the NFS
>    server does not use the VOP calls when it gets read/write requests,
>    the server code pages the requested part of the file into memory
>    and then pushes it out to the client.  From (possibly incorrect)
>    memory, the open code path is different to most other file systems
>    too.
> 
> 2) Client side, does use the VOP calls so the veriexec checks should
>    just work but with the caveat that the server needs to be trusted
>    absolutely.

That's exactly the type of information I think we need to document.

Perhaps it's a good time to write an updated D&I paper for Veriexec,
too... :)

> I am sure that the per-page checking I would like to get in would
> address the issues on both sides.  I need to get back to the unified
> iodone call - after talking with Chuck a while back I understand
> things a bit better, I need to update my tree and push another patch
> out.

That would be great. :)

Thanks,

-e.