Re: iSCSI: Text request/response spanning - security issue?

To: Paul Koning <ni1d@arrl.net>
Subject: Re: iSCSI: Text request/response spanning - security issue?
From: "Julian Satran" <Julian_Satran@il.ibm.com>
Date: Thu, 4 Apr 2002 15:46:34 +0300
Cc: ips@ece.cmu.edu, luben@splentec.com, owner-ips@ece.cmu.edu
Content-Type: multipart/alternative; boundary="=_alternative 00394D2CC2256B91_="
Sender: owner-ips@ece.cmu.edu

that sounds like a very reasonable thing to do. Julo

Paul Koning <ni1d@arrl.net>
Sent by: owner-ips@ece.cmu.edu

29-03-02 15:12
Please respond to Paul Koning

To: luben@splentec.com
cc: ips@ece.cmu.edu
Subject: Re: iSCSI: Text request/response spanning - security issue?

>>>>> "Luben" == Luben Tuikov <luben@splentec.com> writes:

Luben> ...We cannot control the format of the VALUE (above), as
Luben> companies will add their own keys. (Reason 2)

Luben> Thus we need to restrict the "KEY=VALUE" as a whole, its
Luben> internals past iSCSI are up to the implementations/ companies
Luben> which add them.

Luben> If we impose restrictions on "KEY=VALUE" then we need not
Luben> impose restrictions on the size of KEY or VALUE separately,
Luben> just that KEY cannot be an empty sequence.

Luben> The node should know in advance how big of a span a
Luben> "KEY=VALUE" will be in order to 1) reject it (out of
Luben> resources) or 2) prepare for its arrival (whatever this
Luben> means).

I would argue that an implementation can, and should, have its own
protective limits no matter what the standard may have to say about
it. If a well-crafted sequence of messages crashes an implementation,
the blame goes to the implementation, not to the standard.

But I do agree that the standard needs to say more. Given that
resources and needs may vary, it seems overly restrictive to place a
hard upper bound on the overall size. What I would propose instead is
that the standard specify an overall size that all implementations
MUST support. Larger sizes may be accepted if the implementation has
the needed memory -- which allows implementations that have special
requirements to deal with that within the standard -- but a conforming
implementation would be entitled to reject such large negotiations.

One question: are we concerned here with an individual "key=value" or
with all of the key=value pairs in the text messages taken together?
I can see reasons to worry about the entire set of key=value pairs, so
having a size bound (as in "everyone MUST support at least this much")
on that would take care of the entire question in one step.

paul

Prev by Date: Re: Text request/response spanning - security issue?
Next by Date: Re: FCEncap Last Call Comment 40
Prev by thread: Re: iSCSI: Text request/response spanning - security issue?
Next by thread: Relation between the Initiator Task Tag and the execution state
Index(es):
- Date
- Thread

Home

Last updated: Thu Apr 04 09:18:23 2002
9482 messages in chronological order