*BSD News Article 59533


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mel.connect.com.au!munnari.OZ.AU!spool.mu.edu!howland.reston.ans.net!newsfeed.internetmci.com!inet-nntp-gw-1.us.oracle.com!news.caldera.com!news.cc.utah.edu!park.uvsc.edu!usenet
From: Terry Lambert <terry@lambert.org>
Newsgroups: comp.unix.bsd.freebsd.misc,comp.unix.bsd.netbsd.misc
Subject: Re: NFS woes
Date: 13 Jan 1996 07:40:43 GMT
Organization: Utah Valley State College, Orem, Utah
Lines: 50
Message-ID: <4d7nls$etu@park.uvsc.edu>
References: <qyivihla5i.fsf@scotch.eua.ericsson.se>
NNTP-Posting-Host: hecate.artisoft.com
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:12484 comp.unix.bsd.netbsd.misc:1937

seb@erix.ericsson.se (Sebastian Strollo) wrote:
] [This problem probably exists on more OS:s than {Free,Net}BSD, but that
] is what I am using.]
] 
] At our site we have our home directory mounted over nfs with the
] -maproot=nobody (a not to unusual way of having it(?)). But it seems
] that if a file that e.g. has permisions 0600 and owned by a user is in
] the cache root can read it? Below is an example (with my home
] directory NFS mounted).

I am permitted to create a file with such a mode as will preclude
me reopening it, yet continue to have it open as a result of the
create.

NFS accounts for this by treating the open instance seperately.

Remember that when an operation occurs that violates the modes
on a locally open file, the existing descriptor to the file
constitutes defacto state for the file.

That is, access controls are associated with the open instance,
not with the on disk inode when checking is performed.

Because NFS is stateless, it must make an exception to the allowed
semantic to prevent the statelessness from preventing the access.

In other words, it assumed that the access would be enforced by
the client and disabled it on the server.  This is a case of
nfs file number vs. lookup enforcement at time of open.


So either "don't do that" or "don't use NFS if you must do that".

If you "must do that and must use NFS"... well, quit yer bitchin'.

8-).

There are at least 6 or 8 similar "anomolies" based on the
statelessness of NFS and the inherent statefulness of some file
system operations.

For instance, you can escape a chroot fairly easily (think about
it).


                                        Terry Lambert
                                        terry@cs.weber.edu
---
Any opinions in this posting are my own and not those of my present
or previous employers.