Re: UID/GID mapping system

From: J. Bruce Fields
Date: Thu Mar 11 2004 - 11:08:35 EST

Next message: Paul Fulghum: "[PATCH] 2.6.4 synclinkmp.c"
Previous message: David Fort: "Unkillable Zombie process under 2.6.3 and 2.6.4"
In reply to: Jesse Pollard: "Re: UID/GID mapping system"
Next in thread: Jesse Pollard: "Re: UID/GID mapping system"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Mar 11, 2004 at 08:08:31AM -0600, Jesse Pollard wrote:
> On Wednesday 10 March 2004 17:46, Andreas Dilger wrote:
> > If the client is trusted to mount NFS, then it is also trusted enough not
> > to use the wrong UID. There is no "more" or "less" safe in this regard.
>
> It is only trusted to not misuse the uids that are mapped for that client. If
> the client DOES misuse the uids, then only those mapped uids will be affected.
> UIDS that are not mapped for that host will be protected.
>
> It is to ISOLATE the penetration to the host that this is done. The server
> will not and should not extend trust to any uid not authorized to that host.
> This is what the UID/GID maps on the server provide.

You're making an argument that uid mapping on the server could be used
to provide additional security; I agree.

I don't believe you can argue, however, that providing uid mapping on
the client would *decrease* security, unless you believe that mapping
uid's on the client precludes also mapping uid's on the server.

--Bruce Fields
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Fulghum: "[PATCH] 2.6.4 synclinkmp.c"
Previous message: David Fort: "Unkillable Zombie process under 2.6.3 and 2.6.4"
In reply to: Jesse Pollard: "Re: UID/GID mapping system"
Next in thread: Jesse Pollard: "Re: UID/GID mapping system"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]