Re: Security hole in linux-2.0.31-pre9 (NFS related)

Pavel Machek (pavel@atrey.karlin.mff.cuni.cz)
Tue, 7 Oct 1997 18:12:03 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Michael K. Johnson: "Re: suidpid( UID, credential? ) ? secure IPC?"
Previous message: Peeter Joot: "patch for CLONE_PID enhancements to clone()"
Next in thread: Theodore Y. Ts'o: "Re: suidpid( UID, credential? ) ? secure IPC?"
Reply: Theodore Y. Ts'o: "Re: suidpid( UID, credential? ) ? secure IPC?"

Hi!

> The file is on a NFS-mounted filesystem with root_squash, so root cannot
> read the file:
>
> Mandelbrot:/home/alex/mantel/Kernel # cat test
> cat: test: I/O error
> Mandelbrot:/home/alex/mantel/Kernel # cat test
> cat: test: Permission denied
>
> Now, after the owner has read the file on the same machine, it is readable
> by root afterwards:
>
> Mandelbrot:/home/alex/mantel/Kernel # cat test
> blabla

This _has_ to be this way. Imagine root su-ing to given user (he can
do that). Nono. You'll need all-squash.

Pavel

--
This is my little buggy signature...				Pavel
GCM d? s-: !g p?:+ au- a--@ w+ v- C++@ UL+++ L++ N++ E++ W--- M- Y- R+

Next message: Michael K. Johnson: "Re: suidpid( UID, credential? ) ? secure IPC?"
Previous message: Peeter Joot: "patch for CLONE_PID enhancements to clone()"
Next in thread: Theodore Y. Ts'o: "Re: suidpid( UID, credential? ) ? secure IPC?"
Reply: Theodore Y. Ts'o: "Re: suidpid( UID, credential? ) ? secure IPC?"