From owner-freebsd-bugs Wed Jun 19 04:20:04 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id EAA07815 for bugs-outgoing; Wed, 19 Jun 1996 04:20:04 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id EAA07808; Wed, 19 Jun 1996 04:20:02 -0700 (PDT)
Resent-Date: Wed, 19 Jun 1996 04:20:02 -0700 (PDT)
Resent-Message-Id: <199606191120.EAA07808@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, jkh@time.cdrom.com
Received: from time.cdrom.com (time.cdrom.com [204.216.27.226]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id EAA07035 for ; Wed, 19 Jun 1996 04:13:39 -0700 (PDT)
Received: (from jkh@localhost) by time.cdrom.com (8.7.5/8.6.9) id EAA29196; Wed, 19 Jun 1996 04:13:32 -0700 (PDT)
Message-Id: <199606191113.EAA29196@time.cdrom.com>
Date: Wed, 19 Jun 1996 04:13:32 -0700 (PDT)
From: "Jordan K. Hubbard"
Reply-To: jkh@time.cdrom.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: kern/1336: Permission for .. in NFS mounts is somewhat non-intuitive
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 1336
>Category: kern
>Synopsis: Permission for .. in NFS mounts is somewhat non-intuitive
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 19 04:20:01 PDT 1996
>Last-Modified:
>Originator: Jordan K. Hubbard
>Organization: - Jordan Hubbard FreeBSD Project
>Release: FreeBSD 2.2-CURRENT i386
>Environment:

    Two machines, client and server. The following permissions for /u
    exist on each:

    client-> ls -lgd /u
    drwxr-x--- 2 root wheel 512 Jun 19 04:02 /u

    server-> ls -lgd /u
    drwxr-xr-x 2 root wheel 512 Jun 19 04:02 /u

    The following NFS mount has also been done:

    client-> mount server:/u /u

>Description:

    If an ordinary user (e.g. not root and not in group wheel) on the
    client attempts to do a pwd(1) in /u, the operation will fail. This
    appears to be due to the fact that pwd walks up the directory
    hierarchy by opening ".." and the permissions of the mount point
    rather than the mounted directory are checked.

    If nothing else, this violates the principle of least surprise and
    can be a very non-obvious problem for the user given that the mount
    point permissions are obscured.

>How-To-Repeat:

    See above.

>Fix:
>Audit-Trail:
>Unformatted:
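
The directory walk the report describes, written out as an added example (not part of the original PR and not FreeBSD's pwd(1) source). `walk_pwd` is a name chosen here; it returns the errno of the first step that fails, which in the report's setup would be the open of ".." from /u.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Rebuild the working directory's path by climbing ".." one level at a
 * time. Returns 0, or -1 with errno left by the step that failed. */
int walk_pwd(char *out, size_t outlen)
{
    char path[PATH_MAX] = "", tmp[PATH_MAX];
    struct stat cur, root, ent;
    struct dirent *e;
    DIR *d = opendir("."), *pd = NULL;
    int up, saved;
    if (!d || fstat(dirfd(d), &cur) < 0 || stat("/", &root) < 0)
        goto fail;
    while (cur.st_dev != root.st_dev || cur.st_ino != root.st_ino) {
        /* The step the report attributes the failure to: from the root of
         * a mount, ".." is resolved through the covered mount point. */
        if ((up = openat(dirfd(d), "..", O_RDONLY)) < 0)
            goto fail;
        if (!(pd = fdopendir(up))) { close(up); goto fail; }
        /* Find our own name in the parent. lstat every entry, because the
         * d_ino of a mount point is not the inode of the mounted root. */
        for (errno = 0; (e = readdir(pd)) != NULL; )
            if (fstatat(up, e->d_name, &ent, AT_SYMLINK_NOFOLLOW) == 0 &&
                ent.st_dev == cur.st_dev && ent.st_ino == cur.st_ino)
                break;
        if (!e) { if (!errno) errno = ENOENT; goto fail; }
        if (snprintf(tmp, sizeof tmp, "/%s%s", e->d_name, path) >= (int)sizeof tmp) {
            errno = ENAMETOOLONG; goto fail; }
        strcpy(path, tmp);
        closedir(d); d = pd; pd = NULL;   /* the parent becomes the current level */
        if (fstat(up, &cur) < 0)
            goto fail;
    }
    closedir(d);
    snprintf(out, outlen, "%s", path[0] ? path : "/");
    return 0;
fail:
    saved = errno;
    if (pd) closedir(pd);
    if (d) closedir(d);
    errno = saved;
    return -1;
}
```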