flushing "anonymous" buffers over NFS is rejected by server
(more weird bugs with mmap-ing via NFS)
Peter Jeremy
peterjeremy at optushome.com.au
Thu Mar 23 07:01:14 UTC 2006
On Wed, 2006-Mar-22 15:33:49 -0800, Matthew Dillon wrote:
> solution. Basically the server would have to accept root creds but
> instead of translating them to a fixed uid it should allow the
> I/O operation to run as long as some non-root user would be able to
> do the I/O op.
This doesn't work with modes like 446 (which allow writing by everyone
not in a particular group).
Doesn't that amount to significantly reducing the security of NFS?
ISTR the original reason for "nobody" was that it was trivial to fake
root so the server would map it to an account with (effectively) no
privileges. This change would give root on a client (file) privileges
equal to the union of every non-root user on the server. In
particular, it appears that the server can't tell if a file was opened
for read or write so a client could open a file for reading (getting a
valid FH) and then write to it (even though it couldn't have opened the
file for writing).
--
Peter Jeremy
More information about the freebsd-stable
mailing list