From owner-freebsd-arch@FreeBSD.ORG  Fri May  9 10:32:21 2003
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: freebsd-arch@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 2380B37B401; Fri,  9 May 2003 10:32:21 -0700 (PDT)
Received: from lothlorien.nfbcal.org (ns.NFBCAL.ORG [157.22.230.125])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 698CD43F75; Fri,  9 May 2003 10:32:20 -0700 (PDT)
	(envelope-from buhrow@lothlorien.nfbcal.org)
Received: (from buhrow@localhost)
          by lothlorien.nfbcal.org (8.11.6p2/8.8.4.nfbcal.org)
	  id h49HW9x11035; Fri, 9 May 2003 10:32:09 -0700 (PDT)
Message-Id: <200305091732.h49HW9x11035@lothlorien.nfbcal.org>
From: buhrow@lothlorien.nfbcal.org (Brian Buhrow)
Date: Fri, 9 May 2003 10:32:09 -0700
In-Reply-To: Bruce Evans <bde@zeta.org.au>
       "Re: Access times on executables (kern/25777)" (May  9,  5:23pm)
X-Mailer: Mail User's Shell (7.2.6 beta(4.pl1)+dynamic 20000103)
To: Bruce Evans <bde@zeta.org.au>,
	Kirk McKusick <mckusick@beastie.mckusick.com>
cc: arch@FreeBSD.org
cc: buhrow@lothlorien.nfbcal.org
cc: Jens Schweikhardt <schweikh@FreeBSD.org>
Subject: Re: Access times on executables (kern/25777)
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Discussion related to FreeBSD architecture
	<freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 09 May 2003 17:32:21 -0000

	I hope you forgive my naive question, but I fail to understand how the
NFS case can fail under any circumstance.  If a user tries to execute an
nfs-mounted binary which is not readable by him, doesn't the system "read"
the binary as the user root in order to execute the program, assuming the
proper execute bit is set?  And, once that is done, wouldn't the system
continue to read (page) that file as root?  If that doesn't work, then I
would assume that the system would fail to execute the program at all and
fail with a permission denied error.
In other words, when a user executes a remote file which has execute
permission set, but not read permission set, whose credentials does the
system use to read the file?  And, wouldn't those credentials work for the
duration of the program's execution, assuming you're not running Kerberized
NFS or AFS?
-Brian