From owner-cvs-all Mon Nov 27 10:38:55 2000 Delivered-To: cvs-all@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 0526937B4CF; Mon, 27 Nov 2000 10:37:51 -0800 (PST) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id eARIbab07630; Mon, 27 Nov 2000 10:37:36 -0800 (PST) Date: Mon, 27 Nov 2000 10:37:36 -0800 From: Alfred Perlstein To: Garrett Wollman Cc: "Brian F. Feldman" , cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/inetd builtins.c Message-ID: <20001127103736.H8051@fw.wintelcom.net> References: <200011270405.eAR45H578642@green.dyndns.org> <200011270450.eAR4oG579042@green.dyndns.org> <200011271508.KAA94135@khavrinen.lcs.mit.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200011271508.KAA94135@khavrinen.lcs.mit.edu>; from wollman@khavrinen.lcs.mit.edu on Mon, Nov 27, 2000 at 10:08:36AM -0500 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG * Garrett Wollman [001127 07:08] wrote: > < said: > > > permissions and have getfh() respect my current effective credentials while > > letting me use it because I'm "really" root. > > getfh() requires appropriate privilege because file handles are > effectively capabilities -- posession of the handle, from an NFS > server, allows one to bypass all access-control checks. (It's one of > the reasons NFS is so insecure.) With knowledge of how the system > constructs file handles, it is potentially possible to access files > which would not be accessible otherwise. Basically one can spin in a tight loop guessing filehandles locally and open any file, it is somewhat constrained by permissions however since you're effectively bypassing the directory structure of the system you may be able to get into a directory that you shouldn't be in. Hence the restriction that only root can use this interface. On a side note, why isn't O_NOFOLLOW(sp?) not documented in open(2). Are there any other flags not documented and if possible can I get a short and concise summary of them so that I can update the manpage? thanks, -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message