Date: Wed, 30 Apr 1997 08:33:04 +0100 (BST) From: Doug Rabson <dfr@nlsystems.com> To: pius@ienet.com Cc: freebsd-fs@FreeBSD.ORG, terryl@ienet.com Subject: Re: nfs cache permissions problem? Message-ID: <Pine.BSF.3.95q.970430082813.13137G-100000@herring.nlsystems.com> In-Reply-To: <199704292153.OAA11773@iago.ienet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 29 Apr 1997 pius@ienet.com wrote: > > I've noticed that in a certain case it is possible for a user > to obtain access to an NFS-mounted file to which he should not > (and does not if the fs were mounted locally) have access to. > > [snip] > > I don't know much about NFS, but it appears that the requested file is being > cached somewhere, and when it's requested again by another user, the path > is not checked again to see that the user has execute permission for every > part of the path. Only the permissions on the file itself are checked. I know about this problem and there is an open PR for it. I don't know what the right fix for it is though. I can't do an ACCESS rpc for every cache read (apart from the performance, NFSv2 doesn't have an ACCESS rpc). The best I have come up with so far is to somehow associate a cred with each buf in the cache and only allow accesses which are allowed by the cred. Failures will invalidate the buf and attempt the READ rpc, allowing the server to do the check. > Is this just one of the expected hazards one is exposed to > when using NFS (with -maproot=root)? Afraid so. -- Doug Rabson Mail: dfr@nlsystems.com Nonlinear Systems Ltd. Phone: +44 181 951 1891
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970430082813.13137G-100000>