Hi,

I think there is an undocumented security vulnerability.
Because we REQUIRE the read-write objects to not persist across reboots, an 
undetected reboot of the SNMP system shuts off notifications.
If an operator turns on notifications via the enable objects in this module, 
they presumably want to be told of certain events that might occur.
If notifications are used to report security issues, an attacker that can 
somehow cause the system to restart will disable notifications, presumably 
including those that warn an operator of an attack (as well as those that 
warn an operator of an undesirable operational state, such as interface down).
I think that’s a problem.

I also question the use of MUST NOT persist.
How does an implementation allowing the enable setting to persist break the 
protocol or the managed entity?
I think an appropriate RFC2119 usage would be “implementations MAY choose to 
not persist the values.”

dbh

On Jul 4, 2014, at 10:50 AM, Hirochika Asai <[email protected]> wrote:

> Dear all,
> 
> Thanks to comments through the mailing list on the read-write objects in the 
> MIB,
> we have uploaded the new version of <draft-ietf-opsawg-vmm-mib>.
> 
> The differences are derived from the discussion on this mailing list:
> 1) Replace the read-write MAX-ACCESS with the read-only MAX-ACCESS
> except for vmPerVMNotificationsEnabled and vmBulkNotificationsEnabled.
> 2) Add description stating "Changes to this object MUST NOT persist across
>  re-initialization of the management system, e.g., SNMP agent." to these two
>  read-write objects for clarification.
> 
> The security consideration is fixed according to these changes.  Some unclear
> descriptions are also modified.
> 
> Thank you.
> Hirochika
> 
> 
> Begin forwarded message:
> 
>> From: [email protected]
>> Subject: [OPSAWG] I-D Action: draft-ietf-opsawg-vmm-mib-01.txt
>> Date: July 4, 2014 11:43:01 PM GMT+09:00
>> To: [email protected]
>> Cc: [email protected]
>> 
>> 
>> A New Internet-Draft is available from the on-line Internet-Drafts 
>> directories.
>> This draft is a work item of the Operations and Management Area Working 
>> Group Working Group of the IETF.
>> 
>>      Title           : Management Information Base for Virtual Machines 
>> Controlled by a Hypervisor
>>      Authors         : Hirochika Asai
>>                        Michael MacFaden
>>                        Juergen Schoenwaelder
>>                        Keiichi Shima
>>                        Tina Tsou
>>      Filename        : draft-ietf-opsawg-vmm-mib-01.txt
>>      Pages           : 56
>>      Date            : 2014-07-04
>> 
>> Abstract:
>> This document defines a portion of the Management Information Base
>> (MIB) for use with network management protocols in the Internet
>> community.  In particular, this specifies objects for managing
>> virtual machines controlled by a hypervisor (a.k.a. virtual machine
>> monitor).
>> 
>> 
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-ietf-opsawg-vmm-mib/
>> 
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-ietf-opsawg-vmm-mib-01
>> 
>> A diff from the previous version is available at:
>> http://www.ietf.org/rfcdiff?url2=draft-ietf-opsawg-vmm-mib-01
>> 
>> 
>> Please note that it may take a couple of minutes from the time of submission
>> until the htmlized version and diff are available at tools.ietf.org.
>> 
>> Internet-Drafts are also available by anonymous FTP at:
>> ftp://ftp.ietf.org/internet-drafts/
>> 
>> _______________________________________________
>> OPSAWG mailing list
>> [email protected]
>> https://www.ietf.org/mailman/listinfo/opsawg
> 
> -- 
> Hirochika Asai <[email protected]>, The University of Tokyo
> 
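As an added example (not part of the thread or of the draft), the compensating control a manager could run against the behaviour discussed above: a constructed in-memory stand-in for the agent models the two non-persistent enable objects, and a watchdog detects re-initialization by a backwards jump in sysUpTime and re-asserts both objects. The agent class, its default value of false for the enables, and the event strings are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Enable objects named in draft-ietf-opsawg-vmm-mib; TruthValue encoding from SNMPv2-TC.
ENABLE_OBJECTS = ("vmPerVMNotificationsEnabled", "vmBulkNotificationsEnabled")
TRUE, FALSE = 1, 2


@dataclass
class SimulatedAgent:
    """Constructed stand-in for an agent whose enables MUST NOT persist across restart."""
    uptime: int = 0  # sysUpTime in TimeTicks (hundredths of a second)
    objects: dict = field(default_factory=lambda: {o: FALSE for o in ENABLE_OBJECTS})

    def tick(self, ticks):
        self.uptime += ticks

    def restart(self):
        # Re-initialization: sysUpTime resets and the non-persistent enables
        # return to their default (assumed here to be false, i.e. notifications off).
        self.uptime = 0
        self.objects = {o: FALSE for o in ENABLE_OBJECTS}

    def get(self, name):
        return self.uptime if name == "sysUpTime" else self.objects[name]

    def set(self, name, value):
        self.objects[name] = value


class NotificationWatchdog:
    """Manager-side control: poll sysUpTime, flag restarts, re-assert the enables."""
    def __init__(self, agent):
        self.agent = agent
        self.last_uptime = None
        self.events = []  # audit trail the operator can alert on

    def poll(self):
        now = self.agent.get("sysUpTime")
        # A backwards jump in sysUpTime means the agent re-initialized between polls,
        # the otherwise undetected reboot described in the thread. (A real manager
        # would also account for the 32-bit TimeTicks wrap after roughly 497 days.)
        if self.last_uptime is not None and now < self.last_uptime:
            self.events.append("restart detected: sysUpTime went backwards")
        self.last_uptime = now
        # Re-assert the settings on every poll, so a restart never leaves them off.
        for name in ENABLE_OBJECTS:
            if self.agent.get(name) != TRUE:
                self.agent.set(name, TRUE)
                self.events.append(f"re-enabled {name}")
        return list(self.events)
```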
