>>>>> " " == Jesse Pollard <jesse@cats-chateau.net> writes:
> You do have to remember that any NFS export gives IMPLICIT
> access to the entire filesystem (it is the device number that
> is actually exported). If the attacker can generate
> device:inode number, then that file reference can be opened. I
> haven't read/seen anything yet that has said different.
Not entirely true. The default under Linux is to enable subtree
checks. This means that knfsd must establish that the file being
accessed lies within a subtree the head of which is the export point.
This wreaks havoc with cross-directory renames etc, so a lot of people
disable it, however it is a slightly safer default...
Of course if you start playing with the idea of hard linked
directories then subtree checks are no longer an option as the path
connecting an export point and the file is no longer guaranteed to be
unique (and some paths may not even be finite).
Cheers,
Trond
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 07 2003 - 22:00:29 EST