[gpfsug-discuss] multicluster security

IBM Spectrum Scale scale at us.ibm.com
Fri Aug 25 23:41:53 BST 2017


Hi Aaron,

If cluster A uses the mmauth command to grant a file system read-only
access to a remote cluster B, nodes on cluster B can only mount that file
system with read-only access.  But the only checking being done at the RPC
level is the TLS authentication.  This should prevent non-root users from
initiating RPCs, since TLS authentication requires access to the local
cluster's private key. However, a root user on cluster B, having access to
cluster B's private key, might be able to craft RPCs that may allow one to
work around the checks which are implemented at the file system level.

Regards, The Spectrum Scale (GPFS) team

------------------------------------------------------------------------------------------------------------------

If you feel that your question can benefit other users of Spectrum Scale
(GPFS), then please post it to the public IBM developerWorks Forum at
https://www.ibm.com/developerworks/community/forums/html/forum?id=11111111-0000-0000-0000-000000000479.


If your query concerns a potential software error in Spectrum Scale (GPFS)
and you have an IBM software maintenance contract please contact
1-800-237-5511 in the United States or your local IBM Service Center in
other countries.

The forum is informally monitored as time permits and should not be used
for priority messages to the Spectrum Scale (GPFS) team.



From:	Aaron Knister <aaron.s.knister at nasa.gov>
To:	gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date:	08/21/2017 11:04 PM
Subject:	[gpfsug-discuss] multicluster security
Sent by:	gpfsug-discuss-bounces at spectrumscale.org



Hi Everyone,

I have a theoretical question about GPFS multiclusters and security.
Let's say I have clusters A and B. Cluster A is exporting a filesystem
as read-only to cluster B.

Where does the authorization burden lie? Meaning, does the security rely
on mmfsd in cluster B to behave itself and enforce the conditions of the
multi-cluster export? Could someone using the credentials on a
compromised node in cluster B just start sending arbitrary nsd
read/write commands to the nsds from cluster A (or something along those
lines)? Do the NSD servers in cluster A do any sort of sanity or
security checking on the I/O requests coming from cluster B to the NSDs
they're serving to exported filesystems?

I imagine any enforcement would go out the window with shared disks in a
multi-cluster environment since a compromised node could just "dd" over
the LUNs.

Thanks!

-Aaron

--
Aaron Knister
NASA Center for Climate Simulation (Code 606.2)
Goddard Space Flight Center
(301) 286-2776