Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
From:   Chuck Lever III <chuck.lever@oracle.com>
To:     Olga Kornievskaia <olga.kornievskaia@gmail.com>
CC:     Bruce Fields <bfields@fieldses.org>,
        Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
        Dai Ngo <dai.ngo@oracle.com>, Steve Dickson <steved@redhat.com>
Subject: Re: server-to-server copy by default
Thread-Topic: server-to-server copy by default
Thread-Index: AQHXxcrDI0R5Oq8J10KODCEElXm6xqvcFdwAgAATOoA=
Date:   Wed, 20 Oct 2021 17:45:58 +0000
Message-ID: <0492823C-5F90-494E-8770-D0EC14130846@oracle.com>
References: <20211020155421.GC597@fieldses.org>
 <CAN-5tyHuq3wmU1EThrfqv7Mq+F5o0BXXdkAnGXch_sYakv=eqA@mail.gmail.com>
In-Reply-To: <CAN-5tyHuq3wmU1EThrfqv7Mq+F5o0BXXdkAnGXch_sYakv=eqA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?elFaDXmBCvVqelKH6S5VW1y4UqAlsCUuWoNTatA7cuJz5N7fIR5xbN6NFDOG?=
 =?us-ascii?Q?Jnlaer//MNdsU1qsGGGQpDuDwB0mEHS6xRYYILC7KxAYI/ccO14Kx4dY0fvn?=
 =?us-ascii?Q?Ar+YYwYK4OzkFupRfTs0SmOx0y7p+GRgxC98LCXw3v5I2DVOj0/OLHt8jP9a?=
 =?us-ascii?Q?04JeeEeQlZZPju7Be0Dd1nRSgn5JDVGCklQ2gz1tXncYdtgclf99yEZxrU6W?=
 =?us-ascii?Q?1kCew0pNkZA7Z5UmU7cfsduub85O84WHjlsTh0WYke+/pG1Ks6KUCWm0i8pk?=
 =?us-ascii?Q?rfrTSeXNh17UkrRFXRoALKZAuICFSE+KK4fiN+DC3C0THRjuaaZCFXTxEb1Z?=
 =?us-ascii?Q?r04Hyv7d60SDo8QfzZxmE6NPjDnWHtN9XpS6VnWh0MunoCqFAqyGbqkjiwyN?=
 =?us-ascii?Q?186568RwcYiXPVINRBv+6H5zuOaeFrrEhS5v4M+/hPiR+KYMiyFA/V841kay?=
 =?us-ascii?Q?xYzUiZEJk81gQMUERGqZoDLlCS5wvKkYwJQEPjL995BC6YQgWteCE7uaLW6p?=
 =?us-ascii?Q?huxBLLuxCctPZXWt9hq8kvOnzvPlOazDP9BYPxZ8j9ZX0/96aR3P4BV+OoJ5?=
 =?us-ascii?Q?TKWAhvfdxKI31yOxqvB4pM2HSvNcfJvhwDpZ/uM8TMH36BExihZx7GNkEzUw?=
 =?us-ascii?Q?y/uVv/W41IxcK7aKCJ6IgKUhDtgtbPF55OSczj0eJZGcnaf4Nvi+8Z2uF+HQ?=
 =?us-ascii?Q?/RfM6oNuoEH4OZIbfwTRQFlhkP/loA40kAlJXPN4LiB9vWyKA0LyRImHChLm?=
 =?us-ascii?Q?H651L44Mo/g3yHogSsQq2luBfJTwEU+3UynD0S+HI6Yut573WctZB9AOJaFK?=
 =?us-ascii?Q?hOv9nGAo91YphHcP5K8lKIKFMG2kh4bl2lQTKY0N+IqYYOcjGGJ+NbiO1HK0?=
 =?us-ascii?Q?QN2oH4AtkOdomCukHEnkBjC4U99SfZfeXn29b5FthrnYVj2HB/IN0wdH8aAA?=
 =?us-ascii?Q?iysZ3Mc7sP9U5awe+BWmssdv+BiRICfhY+oR8fOQ2KmBb7iJjIgpqa8BNBq+?=
 =?us-ascii?Q?Rap7pfbjE2OTTfah3Mn6g6RE2rmt5yQLLwtiPLRCqhz/7GkXqHWpQnIHheI3?=
 =?us-ascii?Q?hpMQNkfBpk6vcjbYHXSqjP38tDjZRs8+GGbliv37+2zO0SG5HTUlAsUWigRZ?=
 =?us-ascii?Q?SPbsP+FIqrOEfUohWF2fKWVRSX72/a7d0g749cPBCJuTKVjLoVE09g0FzqJs?=
 =?us-ascii?Q?mDQag3F3MG+VoMzrgFKdAK8D/c3K/nBt9hsL/Gr+KwtV7/UAEE7Yfj6Hv6V3?=
 =?us-ascii?Q?shh3pLkecl5wbjI7Cqvbh2C5DNZkaWOqemxwkI+kgFnXhY7UUmPbpDqxDxna?=
 =?us-ascii?Q?rPnJ4rAmE3LLzt4Qc3Yj8wd0ybKyRNH4BhCa71hfk3td27OITZtyg0GOSVdn?=
 =?us-ascii?Q?32JhzoGTu6ZI8hyvi21bMke08wn7xMaG4WShzKcqgT3S8cTQgSpVDuc7rjoC?=
 =?us-ascii?Q?LowUGod04QWIMs1/fyLRaCkE1YZVtoXhEPMeKtK7sBtZoGpKK4dKUCVGtX4f?=
 =?us-ascii?Q?v5ZykQcjoWJxL5Hqu71glFyIdOu3QFFwWS/3A6CfMap9jvpe4HhsubjH7X0b?=
 =?us-ascii?Q?m+IX6bMbBE0WMAzdlTHtZkUVngg3vViGbogehs/6Dy6bwvQuoGamIkSzBVxl?=
 =?us-ascii?Q?kqttnAh3K6CGbhuaQBF/KwY=3D?=
Content-Type: text/plain; charset="us-ascii"
Content-ID: <C71F46403E376C49A9A4C3C4AF64A9FD@namprd10.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: SJ0PR10MB4688.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e7390e24-6842-4e81-4dda-08d993f1795c
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Oct 2021 17:45:58.1591
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: YWtB9cfQ3IK0rhoGVHvDnts2npFRTHUlHrtmPLHXC4yDak4+08mTirPG5pS5PE0akuBLYrN+NOfir33YF2Zptw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR10MB3860
X-Proofpoint-Virus-Version: vendor=nai engine=6300 definitions=10143 signatures=668683
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=999 suspectscore=0
 malwarescore=0 bulkscore=0 phishscore=0 adultscore=0 spamscore=0
 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2109230001 definitions=main-2110200100
X-Proofpoint-ORIG-GUID: sgHsLxrSJh1prKccv_uJhn2rkWAPdPQ3
X-Proofpoint-GUID: sgHsLxrSJh1prKccv_uJhn2rkWAPdPQ3
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org


> On Oct 20, 2021, at 12:37 PM, Olga Kornievskaia <olga.kornievskaia@gmail.=
com> wrote:
>=20
> On Wed, Oct 20, 2021 at 11:54 AM J. Bruce Fields <bfields@fieldses.org> w=
rote:
>>=20
>> knfsd has supported server-to-server copy for a couple years (since
>> 5.5).  You have set a module parameter to enable it.  I'm getting asked
>> when we could turn that parameter on by default.
>>=20
>> I've got a couple vague criteria: one just general maturity, the other a
>> security question:
>>=20
>> 1. General maturity: the only reports I recall seeing are from testers.
>> Is anyone using this?  Does it work for them?  Do they find a benefit?
>> Maybe we could turn it on by default in one distro (Fedora?) and promote
>> it a little and see what that turns up?
>>=20
>> 2. Security question: with server-to-server copy enabled, you can send
>> the server a COPY call with any random address, and the server will
>> mount that address, open a file, and read from it.  Is that safe?
>=20
> How about adding a piece then on the server (a policy) that would only
> control that? The concept behind the server-to-server was that servers
> might have a private/fast network between them that they would want to
> utilize. A more restrictive policy could be to only allow predefined
> network space to do the COPY? I know that more work. But sound like
> perhaps it might be something that provides more control to the
> server.
>=20
> But as Chuck pointed out perhaps the kerberos piece would make this
> concern irrelevant.

I like the idea of having a server-side policy setting that
controls whether s2sc is permitted, and maybe establishes a
range of IP addresses allowed to be destination servers.


--
Chuck Lever