Date: Thu, 12 Feb 1998 17:48:40 -0500 (EST) From: "Matthew N. Dodd" <winter@jurai.net> To: Eivind Eklund <eivind@yes.no> Cc: Charles Owens <owensc@enc.edu>, hackers list FreeBSD <freebsd-hackers@FreeBSD.ORG>, braam@cs.cmu.edu Subject: Re: Coda FS: FBSD port done!, but development favors Linux Message-ID: <Pine.BSF.3.96.980212173901.17909Y-100000@sasami.jurai.net> In-Reply-To: <19980212185933.22479@follo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I for one would love to see this feature (if indeed you are talking about open by inode#). It is highly useful for applications that wish to bypas limitations of FS name lookup (bypass the overhead that is) and implement their own faster indexing directly. News is one such application. (Store article inode# in the overview database and open directly.) For a big fileserver you aren't likely to have local users that could take advantage of the security problems you describe, and CODA will be hidning that information so remote machines won't be able to abuse it either. Of course if we had Veritas or XFS we would have no need to open by inode# as they store their metadata in structures that support high speed lookups by nature. If you wouldn't mind spending the 15 minutes to implement this functionality I for one would be most interested in seeing your patches. Would you be implementing a new open call like say iopen(). Are we even talking about the same thing here? :) On Thu, 12 Feb 1998, Eivind Eklund wrote: > It would take about 15 minutes to create this functionality, and it > has been discussed before. It has been decided against on the basis > of security. This break chroot() completely, and it break the > protection you presently have when > > -rwxr-x--- src/ > -rwxr-xr-x src/somefile > > - somefile will be available to an attacker. > > If this is what it takes to get Coda, I for one won't use it, but I > can probably create and commit a kernel option that give the access > methods so that others can. > > It will not be part of FreeBSD in the default configuration, at least > not if I have any say in the matter. (Sorry to be so brutal, but it > really kill a lot of security assumptions.) /* Matthew N. Dodd | A memory retaining a love you had for life winter@jurai.net | As cruel as it seems nothing ever seems to http://www.jurai.net/~winter | go right - FLA M 3.1:53 */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980212173901.17909Y-100000>