DragonFly BSD
DragonFly bugs List (threaded) for 2005-10

Re: nfs permission escalation?


From: "Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx>
Date: Sat, 08 Oct 2005 17:44:14 +0200

Matthew Dillon wrote:
:Now if I try to run it as root (again), it suddenly works. I guess that
:our namecache isn't aware of the rootsquashing and thus grants access to
:the cached vnode.

    Yes, this is simply because from the client's point of view,
    root is allowed to access everything, while from the server's point
    of view, any root cred accesses will be converted to UID -2.


    So if the data is not cached on the client, the request is passed
    to the server and rejected because uid -2 has no access to it.

    But once the data is cached on the client, the client can access
    it as root even if the server would otherwise not allow that.

    There are cache timeouts involved here too. Once the attribute
    cache times out I'm not sure whether the next root-access will
    succeed or not... probably not.

Yes, but should we fix it (by querying always?) or is this a common problem for other implementations as well?


cheers
  simon

--
Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low $$$ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \
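
The behaviour discussed in this message, as a small model. This is an added example, not part of the original thread and not DragonFly code; the class names, the `check_server` switch (standing in for the "querying always" idea) and the sample file are assumptions, and cache timeouts are not modelled.

```python
# Simplified model of the caching behaviour discussed in this thread.
# Not DragonFly code; every name below is hypothetical.
SQUASHED_UID = -2  # uid the server substitutes for root, per the thread

def mode_allows(uid, owner, mode):
    return bool(mode & (0o400 if uid == owner else 0o004))

class Server:
    def __init__(self, files):
        self.files = files  # path -> (owner_uid, mode, data)

    def may_read(self, uid, path):
        owner, mode, _ = self.files[path]
        if uid == 0:
            uid = SQUASHED_UID  # root squashing happens only here
        return mode_allows(uid, owner, mode)

    def read(self, uid, path):
        if not self.may_read(uid, path):
            raise PermissionError(path)
        return self.files[path]

class Client:
    def __init__(self, server, check_server=False):
        self.server, self.check_server = server, check_server
        self.cache = {}  # path -> (owner_uid, mode, data)

    def read(self, uid, path):
        if path not in self.cache:  # miss: the server decides
            self.cache[path] = self.server.read(uid, path)
        owner, mode, data = self.cache[path]
        if self.check_server:  # ask the server on every access
            allowed = self.server.may_read(uid, path)
        else:  # local check: root may access everything
            allowed = uid == 0 or mode_allows(uid, owner, mode)
        if not allowed:
            raise PermissionError(path)
        return data

def scenario(check_server):
    files = {"/export/secret": (1000, 0o600, b"x")}  # constructed sample
    client, out = Client(Server(files), check_server), []
    for uid in (0, 1000, 0):  # root, then the owner, then root again
        try:
            out.append(client.read(uid, "/export/secret") == b"x")
        except PermissionError:
            out.append(False)
    return out
```

`scenario(False)` shows root's second read succeeding from the cache after the first was refused; `scenario(True)` shows both root reads refused when the server is asked on every access.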


