From owner-cvs-all  Mon Nov 27  7: 8:41 2000
Delivered-To: cvs-all@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP
	id A1DD837B479; Mon, 27 Nov 2000 07:08:37 -0800 (PST)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id KAA94135;
	Mon, 27 Nov 2000 10:08:36 -0500 (EST)
	(envelope-from wollman)
Date: Mon, 27 Nov 2000 10:08:36 -0500 (EST)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200011271508.KAA94135@khavrinen.lcs.mit.edu>
To: "Brian F. Feldman" <green@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/inetd builtins.c 
In-Reply-To: <200011270450.eAR4oG579042@green.dyndns.org>
References: <green@FreeBSD.org>
	<200011270405.eAR45H578642@green.dyndns.org>
	<200011270450.eAR4oG579042@green.dyndns.org>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

<<On Sun, 26 Nov 2000 23:50:11 -0500, "Brian F. Feldman" <green@FreeBSD.org> said:

> permissions and have getfh() respect my current effective credentials while 
> letting me use it because I'm "really" root.

getfh() requires appropriate privilege because file handles are
effectively capabilities -- posession of the handle, from an NFS
server, allows one to bypass all access-control checks.  (It's one of
the reasons NFS is so insecure.)  With knowledge of how the system
constructs file handles, it is potentially possible to access files
which would not be accessible otherwise.

-GAWollman




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message