Date: Fri, 7 Mar 1997 09:30:13 -0500 From: Garrett Wollman <wollman@lcs.mit.edu> To: "Daniel O'Callaghan" <danny@panda.hilink.com.au> Cc: freebsd-security@freebsd.org Subject: 4.4BSD NFS File Handles (fwd) Message-ID: <9703071430.AA26267@halloran-eldar.lcs.mit.edu> In-Reply-To: <Pine.BSF.3.91.970307161526.2758N-100000@panda.hilink.com.au> References: <Pine.BSF.3.91.970307161526.2758N-100000@panda.hilink.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Fri, 7 Mar 1997 16:15:41 +1100 (EST), "Daniel O'Callaghan" <danny@panda.hilink.com.au> said:
> if (suser(p->p_ucred, &p->p_acflag)) {
> sb->st_gen = 0;
> } else {
> sb->st_gen = vap->va_gen;
> }
This test is bogus. The problem is that is causes p_acflag to get the
``used superuser privileges'' bit set every time a root process calls
stat(). Since most processes call stat() at least once in their
lifetime, this would make p_acflag completely useless.
I'm certainly willing to live with not making this information
available through the stat(2) interface at all. Any process with
appropriate privilege can simply read the information off the disk
anyway, so I don't see any benefit in having it here. (A process with
appropriate privilege can also call getfh(2) and parse the returned
handle.)
-GAWollman
--
Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9703071430.AA26267>