Date: Thu, 23 Mar 2006 18:00:56 +1100 From: Peter Jeremy <peterjeremy@optushome.com.au> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: stable@freebsd.org Subject: Re: flushing "anonymous" buffers over NFS is rejected by server (more weird bugs with mmap-ing via NFS) Message-ID: <20060323070056.GC679@turion.vk2pj.dyndns.org> In-Reply-To: <200603222333.k2MNXnP8015012@apollo.backplane.com> References: <200603211607.30372.mi%2Bmx@aldan.algebra.com> <200603221427.45219.mi%2Bmx@aldan.algebra.com> <200603222020.k2MKKKIF013999@apollo.backplane.com> <200603221659.04157.mi%2Bmx@aldan.algebra.com> <200603222333.k2MNXnP8015012@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 2006-Mar-22 15:33:49 -0800, Matthew Dillon wrote: > solution. Basically the server would have to accept root creds but > instead of translating them to a fixed uid it should allow the > I/O operation to run as long as some non-root user would be able to > do the I/O op. This doesn't work with modes like 446 (which allow writing by everyone not in a particular group). Doesn't that amount to significantly reducing the security of NFS? ISTR the original reason for "nobody" was that it was trivial to fake root so the server would map it to an account with (effectively) no privileges. This change would give root on a client (file) privileges equal to the union of every non-root user on the server. In particular, it appears that the server can't tell if a file was opened for read or write so a client could open a file for reading (getting a valid FH) and then write to it (even though it couldn't have opened the file for writing). -- Peter Jeremy
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060323070056.GC679>