NetBSD Problem Report #58114
From www@netbsd.org Thu Apr 4 20:55:33 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id CED051A9239
for <gnats-bugs@gnats.NetBSD.org>; Thu, 4 Apr 2024 20:55:32 +0000 (UTC)
Message-Id: <20240404205531.C99511A923B@mollari.NetBSD.org>
Date: Thu, 4 Apr 2024 20:55:31 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: amd(8) security model isn't clear
X-Send-Pr-Version: www-1.0
>Number: 58114
>Category: misc
>Synopsis: amd(8) security model isn't clear
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: misc-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Apr 04 21:00:00 +0000 2024
>Originator: Taylor R Campbell
>Release: current
>Organization:
The NfsAMD Foundation
>Environment:
spitting hail, sleet, and wind at me
>Description:
The security model of amd(8) is unclear:
- What is amd(8) exposed to when you launch it?
=> Privileged processes, presumably.
=> Unprivileged processes when when they try to follow automounted directories?
=> Unprivileged processes via amq(8)?
=> Remote network access?
- How is access controlled?
=> Are there any fixed port numbers that can be firewalled?
=> Can the operator specify a fixed port number that can be firewalled?
The man pages and NetBSD guide should both explain this.
>How-To-Repeat:
man amd, get confused
>Fix:
Yes, please!
(Contact us)
$NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.