Date: Mon, 27 Nov 2000 10:08:36 -0500 (EST) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: "Brian F. Feldman" <green@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/inetd builtins.c Message-ID: <200011271508.KAA94135@khavrinen.lcs.mit.edu> In-Reply-To: <200011270450.eAR4oG579042@green.dyndns.org> References: <green@FreeBSD.org> <200011270405.eAR45H578642@green.dyndns.org> <200011270450.eAR4oG579042@green.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Sun, 26 Nov 2000 23:50:11 -0500, "Brian F. Feldman" <green@FreeBSD.org> said: > permissions and have getfh() respect my current effective credentials while > letting me use it because I'm "really" root. getfh() requires appropriate privilege because file handles are effectively capabilities -- posession of the handle, from an NFS server, allows one to bypass all access-control checks. (It's one of the reasons NFS is so insecure.) With knowledge of how the system constructs file handles, it is potentially possible to access files which would not be accessible otherwise. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011271508.KAA94135>