Re: [RFC] [PATCH] [SECURITY] tightening ioctl()'s

Albert D. Cahalan (acahalan@cs.uml.edu)
Mon, 5 Jul 1999 11:09:40 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jes Sorensen: "Re: linux headers and C++"
Previous message: Jamie Lokier: "Re: linux headers and C++"

>>> No, the SETVERSION is designed for use by NFS servers, and they should
>>> be able to make the call with the fsuid of the requesting user.
>>
>> The above doesn't change the behavior you like AFAIK.
>> You will generally need EUID to be root, but fsuid can be anything.
>> This is good behavior.
>
> Huh? You don't want to restrict it to euid or ruid root: all that the
> nfs server should need is fsuid capability. Root shouldn't be an
> issue at all.

Well, root gets all the capabilities. You should need a capability to be
able to play with file generation numbers, and another to play with fsuid.
Being non-root is fine if you can get the capabilities some other way.

I don't see why the NFS server would need to _set_ the file generation
numbers. I'd guess it is broken. File generation numbers are used by
the NFS server and set by the filesystem code.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jes Sorensen: "Re: linux headers and C++"
Previous message: Jamie Lokier: "Re: linux headers and C++"