Re: [RFC] fhandle implementation.

From: Alexander Viro (viro@math.psu.edu)
Date: Thu Jun 15 2000 - 18:41:28 EST


On Fri, 16 Jun 2000, Trond Myklebust wrote:

> Read the NFSv4 draft specs. Even Sun now acknowledges that such
> behaviour may exist. Linux is not the only system that refuses to
> recognize the inode as the second coming.
>
> While I'd be the first person to welcome a file handle that was not
> directory specific (makes inode + dentry revalidation on the client 10
> times easier) I must admit that there is a point here:
> Given the number of Linux newbies who create 1 huge partition on their
> single IDE drive and then plonk their entire system on it, I think we
> should at least try to make it difficult for outsiders to write to
> /etc/passwd. After all it's not more than a week since we discovered
> another hole (setuid+capabilities) due to leaving too much up to the
> user...

Let me get it straight - you are talking about dumb users who
        1) do r/w NFS exports on a potentially hostile network
        2) don't squash root or have world-writable /etc/passwd.
And I thought that I was cynical... Normally these newbies have Linux on
their boxen at home, so it's hardly an issue. If they are pulling
unauthorised stuff like that in the $ORKPLACE - well, YMMV, but I would
break their fingers for such attempts. Bone after bone. Slowly. With a
rubber mallet. And if they are admins - sorry, with that level of
cluelessness NFS will be the least of their problems.

        IOW, what additional security does it buy you? If you don't have
root (preferably all low UIDs/GIDs) squashed - that's it. Ditto for
having world-writable stuff. All problems with filling the filesystem
are still there. Namespace modifications (creation/removal/renaming
of any objects outside of the subtree) are impossible. Access to existing
files is possible if you have them writable for non-squashed UID, which is
normally an indication of bad problems anyway - when was the last time
you've seen quota on / for bin?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
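
The two export conditions named in the reply above (r/w exports, root not squashed) can be checked mechanically. The following is an added example, not part of the original message or thread: a small auditor for exports(5)-style text. The sample exports, paths and host names are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in exports(5) syntax; paths and hosts are made up.
SAMPLE_EXPORTS = """\
# path      client(options)
/           *(rw,no_root_squash)
/home       192.168.1.0/24(rw,root_squash)
/pub        *(ro,all_squash)
/srv/build  buildhost(rw,no_root_squash) *(ro)
/scratch    (rw)
"""

# One client entry: optional host pattern followed by optional "(opt,opt,...)".
CLIENT_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")


def parse_exports(text):
    """Yield (path, client, options) for every client entry in the text."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for entry in clients or [""]:
            m = CLIENT_RE.fullmatch(entry)
            if m is None:          # malformed entry, skip rather than guess
                continue
            host, opts = m.groups()
            # An entry with no host pattern applies to every client.
            yield path, host or "*", set(filter(None, (opts or "").split(",")))


def audit(text):
    """Return (path, client, reason) for exports matching the reply's conditions."""
    findings = []
    for path, host, opts in parse_exports(text):
        writable = "rw" in opts                 # exports(5) default is ro
        root_kept = "no_root_squash" in opts    # default is root_squash
        wide = "*" in host or "?" in host       # wildcard client pattern
        if writable and root_kept:
            findings.append((path, host, "rw export without root squashing"))
        elif writable and wide:
            findings.append((path, host, "rw export to wildcard clients"))
    return findings


if __name__ == "__main__":
    for path, host, reason in audit(SAMPLE_EXPORTS):
        print(f"{path} -> {host}: {reason}")
```
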
