Re: Possible permissions bug on NFSv3 kernel client

From: Trond Myklebust (trond.myklebust_at_fys.uio.no)
Date: 04/29/04

  • Next message: William Lee Irwin III: "Re: 2.6.6-rc2-mm2" 
    To: Pascal Schmidt <der.eremit@email.de>
Date:	Thu, 29 Apr 2004 17:17:15 -0400

    On Thu, 2004-04-29 at 16:49, Pascal Schmidt wrote:
    > On Thu, 29 Apr 2004 19:50:06 +0200, you wrote in linux.kernel:
    >
    > >> ...so that the the MODIFY and EXTEND bits aren't set when writing to a
    > >> block or character device.
    > >
    > > Hmm... Why shouldn't the MODIFY bit at least be set if the user
    > > requested write access to the device?
    >
    > It's somewhat of a mixed-up situation for device nodes exported via
    > NFSv3. Permission bits are on the server, but the actual write does
    > not happen via NFS (as v3 WRITE only works on regular files).

    It's not "mixed up" at all: the permissions checking has to be done by
    the server, period.
    All the file security information (the mode bits, owner uid, group gid,
    ACLs etc) that determine whether or not the open() should succeed are
    defined on the *server* not on the client. If the former is doing some
    form of mapping of those values (in particular if it is doing some form
    of root/uid/gid squashing) then the only way for the client to get it
    right is to make an ACCESS call.

    The fact that the subsequent writes go to a device on the client is
    entirely irrelevant.

    Cheers,
      Trond
    -
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  • Next message: William Lee Irwin III: "Re: 2.6.6-rc2-mm2"

    Relevant Pages

    • Re: DCOM security in Windows Server 2003 SP1
      ... it's unfortunate that they chose a different name for it in the server edition if it's indeed the same thing. ... DCOM by one account or set COAUTHINFO in COSERVERINFO in CoCreateInstanceEx) with special activation privilege, for example, a domain account in the newly created build-in group "Distributed DCOM user", and switch back to the identity that runs the client program after the activation? ... like to grand remote activation permission to "Everyone" in the computerwide restrictions or DCOM limits whatever it is called, just because our client program fails. ...
      (microsoft.public.win32.programmer.ole)
    • RE: kernel performance update - 2.6.14
      ... Volanomark server broadcasts ... short message from each client to the other ... to send TCP ACK without delay, we can reduce the system idle to 0% ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: Outbound email, but no inbound
      ... I did check with the ISP provider and of course ... <<< 454 5.7.3 Client does not have permission to submit mail to this server. ...
      (microsoft.public.windows.server.sbs)
    • Re: [PATCH] private mounts
      ... NFSv3 implements it's own permission checking based on credentials ... returned by the server. ... How would sshfs client create permission bits for files, ... send the line "unsubscribe linux-kernel" in ...
      (Linux-Kernel)
    • Re: Code Permission - Should I write a custom "Friend Permission" (or
      ... If you can consider your server to be safe from direct meddling, ... need to worry about a client directly disabling CAS on your server. ... BTW, on the side issue of authoring a custom permission, it's not generally ... declaring the permission attribute from the local policy assemblies list. ...
      (microsoft.public.dotnet.framework)