Date: Thu, 12 Apr 2001 23:51:54 +0200
From: Martin Blapp <mb@imp.ch>
To: Matt Dillon <dillon@earth.backplane.com>
Cc: freebsd-current@FreeBSD.ORG, Thomas Quinot <quinot@inf.enst.fr>, alfred@FreeBSD.ORG
Subject: Re: NFS export to netgroup with duplicate hosts
Message-ID: <Pine.SGI.4.10.10104122343100.3111172-100000@harem.imp.ch>
In-Reply-To: <200104122114.f3CLExb25647@earth.backplane.com>

> The reason is that the file handles passed to nfsd could then
> be trivially faked to gain rw access on a ro-exported subdirectory.
> For example, if you export /usr read-only and /usr/local read-write,
> you can then construct an NFS request using /usr/local's mount point
> but with a file handle that represents a file in /usr, and then be
> able to write to that file. This is because the file handle
> representing file X will be almost identical no matter which mount
> point X is accessed relative to.

Yes I see. I'd also like to see what happens if you move some
directory, or if you are doing hardlinks and also move them ... :-)

Your explanation is logical to me. Maybe we should fix the exports(5)
manpage. This is not a bug, it's a security restriction.

It seems to me that we have a really good nfs implementation here on
BSD, and we can do more fine-tuning than on Solaris itself. Also mountd
and export seem to support more features than in Solaris, according
to the manpage.

Could this export restriction change in future with nfsv4, when nfs
does get stateful (I've heard that the stateless behaviour will
go away with nfsdv4) ... ? I do not know much about the internals of
nfsv4 ...

Martin
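
Added example, not part of the original message and not FreeBSD's mountd code: a small audit that flags an export list in which one host would get different access (ro vs. rw) to directories on the same filesystem, the situation the quoted explanation says cannot be enforced. Assumptions: a simplified exports(5)-like syntax (directories, then -options, then host names compared literally, no netgroup or -network handling), the names parse_exports and find_conflicts, and the sample data are all constructed for illustration.

```python
import os
from collections import defaultdict

# Constructed sample, not taken from the original message.
SAMPLE_EXPORTS = """\
# directories      options   hosts
/usr               -ro       client1 client2
/usr/local                   client1
/home                        client2
"""

def parse_exports(text):
    """Yield (dirs, access, hosts) for each non-comment line (simplified syntax)."""
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        dirs = [t for t in tokens if t.startswith("/")]
        opts = [t for t in tokens if t.startswith("-")]
        hosts = [t for t in tokens if not t.startswith(("/", "-"))]
        access = "ro" if "-ro" in opts else "rw"
        yield dirs, access, hosts or ["*"]  # "*": no host list on the line

def find_conflicts(text, fsid_of=lambda path: os.stat(path).st_dev):
    """Return [(fsid, host, {access: [dirs]})] for every host that is given
    differing access to directories living on one filesystem.

    A file handle identifies a file within a filesystem, not the exported
    directory it was reached through, so such a split cannot be enforced.
    """
    seen = defaultdict(lambda: defaultdict(list))  # (fsid, host) -> access -> dirs
    for dirs, access, hosts in parse_exports(text):
        for d in dirs:
            for h in hosts:
                seen[(fsid_of(d), h)][access].append(d)
    conflicts = [(fs, h, dict(by)) for (fs, h), by in seen.items() if len(by) > 1]
    return sorted(conflicts, key=lambda c: c[:2])
```

By default the filesystem of each directory is taken from os.stat(path).st_dev on the server; pass a different fsid_of callable to check an export list offline.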