Bull GNU/Linux NFSv4 project

Security testing: protection against attack and penetration

Introduction

A summary of the discussions on this subject is available on the NFSv4 wiki.

Discussions have shown that the priority was to run tests to avoid memory corruption problems such as buffer overflows.

This page deals with the tests to detect potential buffer overflows in kernel and userland NFS code.

Tools

Checker

Checker is a tool which finds memory errors at runtime. Its primary function is to emit a warning when the program reads an uninitialized variable or memory area, or when the program accesses an unallocated memory area.

See checker web page

Duma

DUMA is an open-source library (under the GNU General Public License) to detect buffer overruns and under-runs in C programs. This library is a fork of the Electric Fence library and adds some new features to it.

See DUMA web page

Tests performed

NFSv4 tests were run with the Connectathon test suite on the Linux 2.6.15-rc3-CITI_NFS4_ALL-1 kernel and CITI patches.

Kernel code: in knfsd, these functions have been traced to check all occurrences where data are put in memory without taking all the allocated memory:

  • strl*

  • strc*

  • strnc*

  • memc*

  • memlcp*

  • *alloc*
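One way to enumerate the call sites matched by the patterns listed above, as an added example (not the project's own tooling): a Python scan that finds calls to those functions in C source, ignores comments and string literals, and reports each call with its arguments so the length can be reviewed against the allocation. The sample source and the helper names are constructed for illustration, not taken from knfsd.

```python
import fnmatch
import re

# Function-name patterns as listed on the page (shell-style globs).
PATTERNS = ["strl*", "strc*", "strnc*", "memc*", "memlcp*", "*alloc*"]

# Constructed sample input; not code from knfsd.
SAMPLE = r'''
static int copy_name(struct ent *e, const char *src, size_t len)
{
    /* memcpy(old, src, len); */
    e->name = kmalloc(len + 1, GFP_KERNEL);
    if (!e->name)
        return -1;
    memcpy(e->name, src, len);
    strlcpy(e->tag, "memcpy(x)", sizeof(e->tag));
    return strncmp(e->name, src,
                   len);
}
'''

NOISE = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\])*"', re.S)

def strip_noise(src):
    """Blank comments and string literals; offsets and newlines are preserved."""
    return NOISE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def call_sites(src, patterns=PATTERNS):
    """Return (line, function, arguments) for each call matching a pattern."""
    clean = strip_noise(src)
    hits = []
    for m in re.finditer(r"\b([A-Za-z_]\w*)\s*\(", clean):
        name = m.group(1)
        if not any(fnmatch.fnmatchcase(name, p) for p in patterns):
            continue
        # Walk to the matching ')' in the cleaned text so parentheses
        # inside strings or comments cannot unbalance the count.
        depth, i = 1, m.end()
        while i < len(clean) and depth:
            depth += {"(": 1, ")": -1}.get(clean[i], 0)
            i += 1
        # Same offsets in the original text give the readable arguments.
        args = " ".join(src[m.end():i - 1].split())
        hits.append((clean.count("\n", 0, m.start()) + 1, name, args))
    return hits

if __name__ == "__main__":
    for line, name, args in call_sites(SAMPLE):
        print(f"{line:4d}  {name}({args})")
```

Definitions of functions whose names match a pattern are reported too, so each hit still needs a manual look.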

  • Tests summary

    Page maintained by: Aurelien Charbon
    Last update: 2006, January 05