Re: [NFS] [PATCH 2/7] NFS: if ATTR_KILL_S*ID bits are set, then skip mode change
- From: Greg Banks <gnb@xxxxxxx>
- Date: Fri, 14 Sep 2007 20:25:45 +1000
On Tue, Sep 04, 2007 at 10:37:04AM -0400, Jeff Layton wrote:
If the ATTR_KILL_S*ID bits are set then any mode change is only for
clearing the setuid/setgid bits. For NFS skip the mode change and
let the server handle it.
You're assuming the server will remove setuid and setgid bits on WRITE?
I don't see that behaviour specified in the RFC, at least for v3.
The RFC specifies a behaviour for the mtime attribute as a side
effect of WRITE, but says nothing about mode. This means server
implementations are free to clobber setuid or not. A quick experiment
shows that at least the Irix server will *NOT* clobber those bits.
So with an Irix server you've now lost this Linux-specific "security
feature".
I'm curious about the reasons behind this change. You mention
credential issues; how exactly is it that you have the correct creds
to perform a WRITE rpc but not a SETATTR rpc?
Greg.
--
Greg Banks, R&D Software Engineer, SGI Australian Software Group.
Apparently, I'm Bedevere. Which MPHG character are you?
I don't speak for SGI.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- Follow-Ups:
- References:
- [PATCH 2/7] NFS: if ATTR_KILL_S*ID bits are set, then skip mode change
- From: Jeff Layton
- [PATCH 2/7] NFS: if ATTR_KILL_S*ID bits are set, then skip mode change
- Prev by Date: [PATCH] 2.6.22.6 fix kernel panic on corrupted reiserfs directory
- Next by Date: Re: [PATCH 1/4] scsi: megaraid_sas -- add hibernation support
- Previous by thread: [PATCH 2/7] NFS: if ATTR_KILL_S*ID bits are set, then skip mode change
- Next by thread: Re: [NFS] [PATCH 2/7] NFS: if ATTR_KILL_S*ID bits are set, then skip mode change
- Index(es):
Relevant Pages
|
