Re: UID/GID mapping system

From: Søren Hansen
Date: Wed Mar 10 2004 - 13:02:32 EST

ons, 2004-03-10 kl. 16:28 skrev Jesse Pollard:
> > Er.. no. I just use the uid_t and gid_t. Are they 64bit?
> 32 bits currently.

Ok.. But those are the data types in use in the v-nodes, right?

> > > and unlimited number of groups assigned to a single user?
> > No. That's not my problem, is it? I just provide the mapping system.
> but the mapping system has to be able to handle it.

How do you figure that?

> > The maps are on the client, so that's no issue. The trick is to make it
> > totally transparent to the filesystem being mounted, be it networked or
> > non-networked.
> The server cannot trust the clients to do the right thing.

The server can't trust the client as it is now anyway. The client can do
whatever it wants already. There is no security impact as I see it.

> The server cannot trust the client.

I know! That's an entirely different issue. The very nanosecond you give
another machine access to your filesystem, you're up shit creek anyway.
The only difference between the way things are now and after the system
I'm suggesting is in place, is that the ownerships will look sane on the
client. What possible extra security implications could this cause?

> Since different organizations are in charge of the server, how can that server trust
> the client?

Please explain how you in any way can trust a client mounting an nfs
export from your server? You can't. All you can do is keep your fingers
crossed and your hacksaw sharpened (in case you want a more hands-on
security scheme). Maps or no maps, this is the same issue.

> A violation (even minor) on the client could cause a significant
> violation of the server.

Yes. Just like it can now.

> As in a shipping department mounting a server, and a financial client
> mounting from the same server - a violation on the shipping client COULD
> expose financial data; and the server not even know. Or worse - the
> shipping depeartment has been outsourced...
> The server MUST control access to its resources.

Yes. As always.

If you have an idea for a patch that fixes all these issues, I'll more
than happy to see it.

Søren Hansen <sh@xxxxxxxx>

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at