Date: Sun, 09 Mar 1997 09:08:50 -0800
From: Cy Schubert <cy@cwsys.cwent.com>
To: Garrett Wollman <wollman@lcs.mit.edu>
Cc: "Daniel O'Callaghan" <danny@panda.hilink.com.au>, freebsd-security@freebsd.org
Subject: Re: 4.4BSD NFS File Handles (fwd)
Message-ID: <199703091708.JAA00702@cwsys.cwent.com>
In-Reply-To: Your message of "Fri, 07 Mar 1997 09:30:13 EST." <9703071430.AA26267@halloran-eldar.lcs.mit.edu>
> <<On Fri, 7 Mar 1997 16:15:41 +1100 (EST), "Daniel O'Callaghan" <danny@panda.hilink.com.au> said:
>
> > 	if (suser(p->p_ucred, &p->p_acflag)) {
> > 		sb->st_gen = 0;
> > 	} else {
> > 		sb->st_gen = vap->va_gen;
> > 	}
>
> This test is bogus. The problem is that it causes p_acflag to get the
> ``used superuser privileges'' bit set every time a root process calls
> stat(). Since most processes call stat() at least once in their
> lifetime, this would make p_acflag completely useless.
Agreed. Replacing the "if (suser(p->p_ucred, &p->p_acflag)) {" in the
patch with "if (p->p_cred->pc_ucred->cr_uid == 0) {" should address this
concern.
>
> I'm certainly willing to live with not making this information
> available through the stat(2) interface at all. Any process with
> appropriate privilege can simply read the information off the disk
> anyway, so I don't see any benefit in having it here. (A process with
> appropriate privilege can also call getfh(2) and parse the returned
> handle.)
I disagree. This field is returned by other UNICES, notably DEC UNIX among
others. Removing it would cause some portability concerns in some cases,
e.g. some code may not compile right-out-of-the-box.
Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber@uumail.gov.bc.ca
                                       cschuber@bcsc02.gov.bc.ca
"Quit spooling around, JES do it."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199703091708.JAA00702>
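
The p_acflag side effect discussed in this message, as an added example that is not part of the original e-mail or of the FreeBSD sources. It is a user-space model: the struct layouts, `model_stat()`, `gen_via_suser()`, `gen_via_uid()` and the generation value are constructed for illustration, and `suser()` here is modeled on the 4.4BSD routine, which returns 0 for root and sets ASU as it does so.

```c
#include <stdio.h>
#define ASU 0x02 /* accounting bit: "used superuser privileges" */

/* Simplified user-space stand-ins for the kernel structures (assumptions). */
struct ucred { unsigned cr_uid; };
struct proc  { struct ucred cred; unsigned short p_acflag; };
struct vattr { unsigned long va_gen; };
struct statm { unsigned long st_gen; };

/* Modeled on 4.4BSD suser(): 0 for root, with the side effect of setting
 * ASU in the caller's accounting flags; nonzero (EPERM) for everyone else. */
static int suser(const struct ucred *cr, unsigned short *acflag)
{
    if (cr->cr_uid != 0)
        return 1;
    if (acflag)
        *acflag |= ASU;
    return 0;
}

/* The quoted test: hides va_gen from non-root, but marks every root caller. */
static void gen_via_suser(struct proc *p, const struct vattr *vap, struct statm *sb)
{
    sb->st_gen = suser(&p->cred, &p->p_acflag) ? 0 : vap->va_gen;
}

/* Same visibility rule with no side effect: suser() != 0 means cr_uid != 0. */
static void gen_via_uid(struct proc *p, const struct vattr *vap, struct statm *sb)
{
    sb->st_gen = (p->cred.cr_uid != 0) ? 0 : vap->va_gen;
}

/* Run one modeled stat() as `uid`; return st_gen, report p_acflag afterwards. */
unsigned long model_stat(unsigned uid, int use_suser, unsigned short *acflag)
{
    struct proc p = { { uid }, 0 };
    struct vattr va = { 0x5eed1234UL }; /* constructed generation number */
    struct statm sb;
    if (use_suser) gen_via_suser(&p, &va, &sb); else gen_via_uid(&p, &va, &sb);
    *acflag = p.p_acflag;
    return sb.st_gen;
}

int main(void)
{
    unsigned short f1, f2;
    unsigned long g1 = model_stat(0, 1, &f1), g2 = model_stat(0, 0, &f2);
    printf("root via suser(): st_gen=%#lx p_acflag=%#x\n", g1, (unsigned)f1);
    printf("root via uid:     st_gen=%#lx p_acflag=%#x\n", g2, (unsigned)f2);
    return 0;
}
```

Both variants return the same st_gen to each caller; only the `suser()` variant leaves ASU set in a root process's accounting flags.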
