[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Issue 9.1) DoS attack using global <lock>

To: netconf@ops.ietf.org
Subject: Issue 9.1) DoS attack using global <lock>
From: Andy Bierman <abierman@cisco.com>
Date: Tue, 02 Dec 2003 16:09:11 -0800

A DoS attack is possible if global lock allows users to 
lock more of the config dB than they have write access. 
Choose one of:
  - Only users with all-access can lock the dB
  - Only grant lock for areas that write-access is allowed
  - Support partial locks
  - Simply document the problem in the security section


--
to unsubscribe send a message to netconf-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/netconf/>

Follow-Ups:
- Re: Issue 9.1) DoS attack using global <lock>
  - From: Eliot Lear <lear@cisco.com>

Prev by Date: Issue 8.1) Sessions Proposal
Next by Date: Issue 9.2) <steal-lock>
Previous by thread: Issue 8.1) Sessions Proposal
Next by thread: Re: Issue 9.1) DoS attack using global <lock>
Index(es):
- Date
- Thread