G'day,
This is the first tranche of patches from SGI's Enhanced NFS product.
These are forward-ported (and sometimes updated) versions of patches
which have been shipping in SGI's NAS server products since around
2006. Testing after porting has been comprised running cthon04. The
patches in this particular group were posted before, in August 2006.
--
Greg Banks, P.Engineer, SGI Australian Software Group.
the brightly coloured sporks of revolution.
I don't speak for SGI.
On Mon, Feb 09, 2009 at 04:24:27PM +1100, Greg Banks wrote:
> Bruce, any word on these? I don't seem to have any specific review
> items that I need to pay attention to with these patches, and I don't
> see them in your for-2.6.30 branch, so can I get an ack or a nack or
> feedback on things that need fixing?
Sorry, that came around the time of the citi compromise, so I just
registered that it had gotten some responses, figured it'd probably be
resent, and filed it away....
(And, by the way, if anyone's waiting for me to respond to email from
the last month--you mght want to resend. The longer version:
We now believe that password-logging ssh and sshd were installed on citi
machines as early as November. We got reports of ssh scanning in
December and January, but just took down the misbehaving machines. In
mid-January we finally realized the problem was serious, disconnected
ourselves from the internet completely, took everything on our local
network offline (including our main mail server and linux-nfs.org), then
brought our external connection back up and slowly reconnected machines
to our local network as we audited and/or rebuilt them as appropriate.
To be cautious, I also did the same for my personal machines (including
my personal mail server), though I didn't have specific evidence they'd
been compromised.
The upshot is: there were a few days when mail wasn't getting through at
all, and I know at least some was never delivered. When it did get
through, I wasn't necessarily able to pay it much attention. So besides
just a sob-story, this is a request that people ping me if I haven't
responded to something I should have lately.)
--b.
Greg Banks wrote:
> G'day,
>
> This is the first tranche of patches from SGI's Enhanced NFS product.
>
>
http://marc.info/?l=linux-nfs&m=123184242909159&w=2
http://marc.info/?l=linux-nfs&m=123184242709153&w=2
http://marc.info/?l=linux-nfs&m=123184242809157&w=2
Bruce, any word on these? I don't seem to have any specific review
items that I need to pay attention to with these patches, and I don't
see them in your for-2.6.30 branch, so can I get an ack or a nack or
feedback on things that need fixing?
--
Greg Banks, P.Engineer, SGI Australian Software Group.
the brightly coloured sporks of revolution.
I don't speak for SGI.
J. Bruce Fields wrote:
> On Mon, Feb 09, 2009 at 04:24:27PM +1100, Greg Banks wrote:
>
>> Bruce, any word on these? I don't seem to have any specific review
>> items that I need to pay attention to with these patches, and I don't
>> see them in your for-2.6.30 branch, so can I get an ack or a nack or
>> feedback on things that need fixing?
>>
>
> Sorry, that came around the time of the citi compromise, so I just
> registered that it had gotten some responses, figured it'd probably be
> resent, and filed it away....
>
Aha. The conversations didn't result in any specific feedback items or
improvements that I can see, unless I'm misunderstanding what people
said. So I don't have any newer versions of the patches to send. Do
you want me to resend anyway?
>
> We now believe that password-logging ssh and sshd were installed on citi
> machines as early as November. [...]
Ouch. Well, that explains the linux-nfs.org outages.
--
Greg Banks, P.Engineer, SGI Australian Software Group.
the brightly coloured sporks of revolution.
I don't speak for SGI.