Re: VFS / struct inode_operation: Extend permission() + add syscall?

Aaron Denney (wnoise@ugcs.caltech.edu)
5 Oct 1999 19:49:24 GMT


Jesse Pollard <pollard@tomcat.admin.navo.hpc.mil> wrote:
> >Daemons like Samba now need to fork(), and change owner
> >to tested permissions. It seems more reasonable to
> >allow root to test permissions via a system call.
>
> NFS doesn't have that need - the specific server process just changes its
> own effective UID, then switches back afterward.

Not quite. The userspace NFS server used to do this, but it has a
security flaw. While the NFS server is servicing a user request, it can
be killed by the user. This caused a new system-call variant to be added,
setfsuid(), that would only affect the UID for file accesses.

Samba could use this approach as well, but it would only work on Linux.

-- 
Aaron Denney
-><-
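
Added example, not part of the original message or of any NFS or Samba source: a minimal C sketch of the setfsuid() approach described above, in which a server switches only its filesystem UID/GID around one file access and reads the value back because setfsuid() reports no errors. The helper names `current_fsuid`, `current_fsgid` and `open_as_user` are hypothetical, and the demo in `main` uses constructed input (the process's own IDs) so it runs without privilege.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/fsuid.h>   /* Linux-only: setfsuid(), setfsgid() */
#include <sys/types.h>
#include <unistd.h>

/* setfsuid() returns the previous fsuid and never reports failure.
 * Passing -1 changes nothing, so it doubles as "get current fsuid". */
uid_t current_fsuid(void) { return (uid_t)setfsuid((uid_t)-1); }
gid_t current_fsgid(void) { return (gid_t)setfsgid((gid_t)-1); }

/* Hypothetical helper: open path with the file-access identity of
 * (uid, gid), then restore the caller's fsuid/fsgid. The real, effective
 * and saved UIDs are untouched, and signal permission checks do not
 * consult the fsuid. Supplementary groups are not handled here. */
int open_as_user(const char *path, int flags, uid_t uid, gid_t gid)
{
    uid_t old_uid = current_fsuid();
    gid_t old_gid = current_fsgid();
    int fd = -1, saved_errno = EPERM;

    setfsgid(gid);
    setfsuid(uid);
    /* Read back: a silent failure would mean opening the file with the
     * server's own (often root) identity. */
    if (current_fsgid() == gid && current_fsuid() == uid) {
        fd = open(path, flags);
        saved_errno = errno;
    }

    setfsuid(old_uid);          /* always restore, even on failure */
    setfsgid(old_gid);
    errno = saved_errno;        /* report open()'s error, not restore's */
    return fd;
}

int main(void)
{
    /* Constructed demo: act as ourselves, so no privilege is needed. */
    int fd = open_as_user("/", O_RDONLY, geteuid(), getegid());
    printf("fd=%d fsuid=%u euid=%u\n", fd, current_fsuid(), geteuid());
    if (fd >= 0) close(fd);
    return fd >= 0 ? 0 : 1;
}
```

A server running as root would pass the requesting client's UID and GID instead; an unprivileged process asking for another user's IDs gets -1 with errno set to EPERM from the read-back check.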
