From owner-cvs-all  Tue Feb 19  1:13:26 2002
Delivered-To: cvs-all@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0DFB337B404; Tue, 19 Feb 2002 01:13:20 -0800 (PST)
Received: by flood.ping.uio.no (Postfix, from userid 2602)
	id 18AC45341; Tue, 19 Feb 2002 10:13:18 +0100 (CET)
X-URL: http://www.ofug.org/~des/
X-Disclaimer: The views expressed in this message do not necessarily
  coincide with those of any organisation or company with
  which I am or have been affiliated.
To: Robert Watson <rwatson@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/miscfs/procfs procfs_subr.c
References: <Pine.NEB.3.96L.1020218191459.69361L-100000@fledge.watson.org>
From: Dag-Erling Smorgrav <des@ofug.org>
Date: 19 Feb 2002 10:13:17 +0100
In-Reply-To: <Pine.NEB.3.96L.1020218191459.69361L-100000@fledge.watson.org>
Message-ID: <xzpheod7s2a.fsf@flood.ping.uio.no>
Lines: 24
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/21.1
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

Robert Watson <rwatson@FreeBSD.org> writes:
> On 18 Feb 2002, Dag-Erling Smorgrav wrote:
> > The upper layers of the VFS system enforce the file mode. 
> Hmm.  I'm not sure that's true in most cases.  Under normal circumstances,
> upper layers of VFS rely on the per-filesystem code to do enforcement as
> part of common operations, or they rely on the per-filesystem VOP_ACCESS() 
> code.

Ah, well, here's to making rash assumptions.  However, 1) pseudofs has
a fully functional VOP_ACCESS() (based on vaccess(9)), and 2)
empirical tests show that this change works as intended.

  There are a few exceptions, but not very many.  This generally
> reflects the fact that the broader abstractions of the kernel don't
> understand per-fs access control mechanisms, such as those in msdosfs,
> NFS, AFS, etc, which differ substantially from local models.  Does this
> change have specific non-cosmetic effects that you have in mind?  For
> example, should we be doing a security advisory?

Possibly.  The buggy code has been in -CURRENT since early December.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message