Re: [PATCH] private mounts

From: Bryan Henderson
Date: Thu Apr 28 2005 - 13:00:24 EST


>This is why you have identity squashing and/or strong security: to stop
>the CLIENT administrator impersonating whoever he wants and working
>around your security measures.

That's more of a confirmation than a refutation of the statement that NFS
root squashing is broken. Root squashing itself simply does not squash a
typical system administrator's ability to get at other people's files.
"Broken" isn't the right word, because as long as you recognize root
squashing for what it is, it's working as designed. It just isn't what it
appears to be.

But, in the context of the current thread, I think the perception of NFS
root squashing as something broken and not to be built upon with private
mounts has to do with the fact that it messes up Linux's basic file
permission scheme: a process with CAP_DAC_OVERRIDE can get EACCES.
EACCES means discretionary access controls (DAC) prevent access. So this
behavior is unexpected and unnatural. Worse, an operation can succeed
_without_ CAP_DAC_OVERRIDE, but not _with_ it. I've seen this behavior
cause trouble a number of times -- mostly because it's entirely
unanticipated.

--
Bryan Henderson IBM Almaden Research Center
San Jose CA Filesystems
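
The anomaly described above, as an added example that is not part of the original message: a small C model of the access decision on a local filesystem versus a root-squashed NFS export. All names here are hypothetical; it assumes the anonymous id is 65534, models only read/write mode bits, and ignores supplementary groups and ACLs.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

#define ANON_ID 65534u          /* assumed anonuid/anongid ("nobody") */
#define WANT_READ  4
#define WANT_WRITE 2

struct cred  { uid_t uid; gid_t gid; bool cap_dac_override; };
struct fattr { uid_t uid; gid_t gid; mode_t mode; };

/* Constructed sample data: a user, root, and the user's private file. */
static const struct cred  USER = { 1000, 1000, false };
static const struct cred  ROOT = { 0, 0, true };
static const struct fattr PRIVATE_FILE = { 1000, 1000, 0600 };

/* Classic owner/group/other mode-bit check (read/write only). */
static int mode_check(uid_t uid, gid_t gid, const struct fattr *f, int want)
{
    int bits = (uid == f->uid) ? (f->mode >> 6) & 7
             : (gid == f->gid) ? (f->mode >> 3) & 7
             :                   f->mode & 7;
    return (bits & want) == want ? 0 : -EACCES;
}

/* Local filesystem: CAP_DAC_OVERRIDE bypasses the read/write mode bits. */
int local_access(const struct cred *c, const struct fattr *f, int want)
{
    return c->cap_dac_override ? 0 : mode_check(c->uid, c->gid, f, want);
}

/* root_squash export: the server sees only the uid/gid in the request,
 * never the client's capabilities, and maps id 0 to the anonymous id. */
int squashed_access(const struct cred *c, const struct fattr *f, int want)
{
    uid_t uid = c->uid == 0 ? ANON_ID : c->uid;
    gid_t gid = c->gid == 0 ? ANON_ID : c->gid;
    return mode_check(uid, gid, f, want);
}

int main(void)
{
    printf("local, root:    %d\n", local_access(&ROOT, &PRIVATE_FILE, WANT_READ));
    printf("squashed, user: %d\n", squashed_access(&USER, &PRIVATE_FILE, WANT_READ));
    printf("squashed, root: %d (-EACCES despite CAP_DAC_OVERRIDE)\n",
           squashed_access(&ROOT, &PRIVATE_FILE, WANT_READ));
    return 0;
}
```

The same read succeeds for the unprivileged owner and fails for the capability-holding root process, which is the inversion that code written against local DAC semantics does not anticipate.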