NetBSD Problem Report #58114

From www@netbsd.org  Thu Apr  4 20:55:33 2024
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id CED051A9239
	for <gnats-bugs@gnats.NetBSD.org>; Thu,  4 Apr 2024 20:55:32 +0000 (UTC)
Message-Id: <20240404205531.C99511A923B@mollari.NetBSD.org>
Date: Thu,  4 Apr 2024 20:55:31 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: amd(8) security model isn't clear
X-Send-Pr-Version: www-1.0

>Number:         58114
>Category:       misc
>Synopsis:       amd(8) security model isn't clear
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    misc-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Apr 04 21:00:00 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current
>Organization:
The NfsAMD Foundation
>Environment:
spitting hail, sleet, and wind at me
>Description:
The security model of amd(8) is unclear:

- What is amd(8) exposed to when you launch it?
  => Privileged processes, presumably.
  => Unprivileged processes when when they try to follow automounted directories?
  => Unprivileged processes via amq(8)?
  => Remote network access?
- How is access controlled?
  => Are there any fixed port numbers that can be firewalled?
  => Can the operator specify a fixed port number that can be firewalled?

The man pages and NetBSD guide should both explain this.
>How-To-Repeat:
man amd, get confused
>Fix:
Yes, please!

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2024 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.