From owner-freebsd-fs  Wed Jun 19  8: 4:18 2002
Delivered-To: freebsd-fs@freebsd.org
Received: from critter.freebsd.dk (critter.freebsd.dk [212.242.86.163])
	by hub.freebsd.org (Postfix) with ESMTP id 1481637B406
	for <freebsd-fs@FreeBSD.ORG>; Wed, 19 Jun 2002 08:04:08 -0700 (PDT)
Received: from critter.freebsd.dk (localhost [127.0.0.1])
	by critter.freebsd.dk (8.12.3/8.12.2) with ESMTP id g5JF2GIj012748;
	Wed, 19 Jun 2002 17:02:21 +0200 (CEST)
	(envelope-from phk@critter.freebsd.dk)
To: Martin Faxer <gmh003532@brfmasthugget.se>
Cc: freebsd-fs@FreeBSD.ORG
Subject: Re: a bunch of questions 
In-Reply-To: Your message of "Wed, 19 Jun 2002 16:41:11 +0200."
             <20020619144111.GA1352@lockdown.spectrum.fearmuffs.net> 
Date: Wed, 19 Jun 2002 17:02:16 +0200
Message-ID: <12747.1024498936@critter.freebsd.dk>
From: Poul-Henning Kamp <phk@critter.freebsd.dk>
Sender: owner-freebsd-fs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-fs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-fs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-fs>
X-Loop: FreeBSD.org

In message <20020619144111.GA1352@lockdown.spectrum.fearmuffs.net>, Martin Faxe
r writes:
>hello!
>
>i'm trying to make some sense of vfs and here comes a mail with
>basically (as the subject says) a bunch of questions:
>
>1) why is it preferred to do the permissions checking in the
>   actual file system specific code instead of vfs_[n]mount()?

Because not all filesystems need or indeed want the same
permissions checks.

Some filesystems don't even have a device (DEVFS, procfs, unionfs etc)

>2) in the statfs() code the f_fsid is zeroed out in the !superuser
>   case.  after some searching and cross-checking with OpenBSD i'm
>   lead to believe that this is because of a potential NFS insecurity
>   if any user is able to see the f_fsid.  does anybody know more
>   about this ? can a check be added like:

I belive it is because of the NFS.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk@FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-fs" in the body of the message