Re: knfsd and system crashes

Steven S. Dick (ssd@nevets.oau.org)
Sat, 15 Nov 1997 01:29:54 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Magnus Ahltorp: "fs mailing list"
Previous message: Claus-Justus Heine: "[ANNOUNCE] ftape-3.04b"
In reply to: Richard B. Johnson: "Apache seg-faults"

Martin von Loewis writes:
>The Linux VFS currently offers the iget function to retrieve an inode
>when given an inode number.
[...]
>this is IMHO the route to go.
[...]
>Searching the entire volume is not an option, IMHO - at least not on
>file systems that have the clear notion of inode numbers.

I think a direct iget to retrieve the inode from the NFS file handle
is probably a good idea when all other options fail. However, I am
concerned that this may add security holes.

What is to stop an attacker from generating bogus NFS filehandles
containing inode numbers of files that would otherwise not be accessable?
At the very least, I would think a check of the parent directories'
permissions would be a good idea?

Or am I just silly in thinking that a server exporting NFS partitions
has any semblance of security?

Steve
ssd@nevets.oau.org

Next message: Magnus Ahltorp: "fs mailing list"
Previous message: Claus-Justus Heine: "[ANNOUNCE] ftape-3.04b"
In reply to: Richard B. Johnson: "Apache seg-faults"