Date: Thu, 12 Apr 2001 11:14:40 -0700
From: Alfred Perlstein
To: Thomas Quinot
Cc: current@FreeBSD.ORG
Subject: Re: NFS export to netgroup with duplicate hosts
Message-ID: <20010412111440.F24582@fw.wintelcom.net>

* Thomas Quinot [010412 11:06] wrote:
> On 2001-04-12, Alfred Perlstein wrote:
>
> > m: "Don't call me dude." *thwack* "The point is that if the
> > workstation is untrusted, what's to stop the malicious hacker
> > from taking a read-only filehandle and swapping the top byte with
> > the byte required for write access?"
>
> The kernel could include a 'signature' in the handle, e.g. in the form of
> a hash of (perm-bytes,handle-bytes,secret-key).
>
> (But the following still holds:)
>
> > s: "Master, this sounds like hella work!"
> (plus some crypto algorithm right in kernel space...)
>
> > m: "Ahhhh, you are correct, now get cracking!"

None of that would protect you when a single client has two exports
available, one read and one write on the same filesystem.

A machine with just / that exports /usr and /var with different perms...
(/usr is rw, /var is ro)

Well the untrusted client can use the "magic" from the /usr to access
/var rw instead of ro.

It's actually not that big of a deal to attach the client/perms though
so that separate machines can access the same mount point differently.

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
http://www.egr.unlv.edu/~slumos/on-netbsd.html
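
The handle 'signature' proposed in the quoted text, as an added example that is not part of the original message or of FreeBSD's code: it uses HMAC-SHA256 as the keyed hash over (perm-bytes, handle-bytes) and also binds a client address, as the last paragraph of the message suggests. SECRET_KEY, the one-byte perm encoding, the wire layout, the handle bytes and the addresses are all assumptions made for illustration; the sketch covers the perm-byte swap and per-client binding only, not the case of two exports on the same filesystem.

```python
import hashlib
import hmac
import os

SECRET_KEY = os.urandom(32)            # hypothetical per-server secret
PERM_RO, PERM_RW = b"\x00", b"\x01"    # constructed one-byte perm encoding
TAG_LEN = 16                           # truncated HMAC-SHA256 tag, in bytes


def _tag(perm: bytes, fh: bytes, client: bytes) -> bytes:
    # Length-prefix every field so two different (perm, fh, client) triples
    # can never serialise to the same MAC input.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in (perm, fh, client))
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()[:TAG_LEN]


def issue(perm: bytes, fh: bytes, client: bytes = b"") -> bytes:
    """Wire handle = perm byte || opaque handle bytes || tag."""
    return perm + fh + _tag(perm, fh, client)


def verify(wire: bytes, client: bytes = b""):
    """Return (perm, fh) if the tag matches for this client, else None."""
    if len(wire) < 1 + TAG_LEN:
        return None
    perm, fh, tag = wire[:1], wire[1:-TAG_LEN], wire[-TAG_LEN:]
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, _tag(perm, fh, client)):
        return None
    return perm, fh


def swap_perm(wire: bytes, perm: bytes) -> bytes:
    """The tampering described in the thread: replace only the top byte."""
    return perm + wire[1:]


if __name__ == "__main__":
    fh = bytes.fromhex("0a0b0c0d00000042")   # constructed handle bytes
    ro = issue(PERM_RO, fh, b"192.0.2.10")   # constructed client address
    print(verify(ro, b"192.0.2.10"))                       # accepted
    print(verify(swap_perm(ro, PERM_RW), b"192.0.2.10"))   # rejected: None
    print(verify(ro, b"192.0.2.11"))                       # other client: None
```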