Subject: Re: NFS access, was UBC...
To: None <rick@snowhite.cis.uoguelph.ca>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 12/08/2003 12:02:07
On Mon, Dec 08, 2003 at 11:31:49AM -0500, rick@snowhite.cis.uoguelph.ca wrote:
> 
> - For AUTH_GSS, I think it should probably use the authenticator for the
>   current client uid. (I could see an argument for using the authenticator
>   used for Open for V4, but since this isn't specified in the RFC, I think
>   it is, at best, a fallback, if the client uid authenticator gets
>   NFSERR_ACCES. I am an old-fashioned guy, so I still spell access with one
>   S:-)

If you don't use the same credentials used for the open() -- or, at
least, credentials with at _least_ the same rights to the file, as in
the AUTH_UNIX hack we're discussing -- you'll end up violating Unix
semantics on the client side, which is unfortunate and will cause program
misbehaviour.  The one gotcha is that when using a gross hack like we do
for AUTH_UNIX, one needs to be careful not to allow _more_ rights than
were allowed at open() time, lest one create a security problem that can
be exploited by opening a file the owner doesn't have write permission
to, for example, then using that descriptor to write it after the open.

-- 
 Thor Lancelot Simon	                                      tls@rek.tjls.com
   But as he knew no bad language, he had called him all the names of common
 objects that he could think of, and had screamed: "You lamp!  You towel!  You
 plate!" and so on.              --Sigmund Freud
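
Added example (not part of the original message and not NetBSD's code): a small C model of the gotcha described above, where descriptor I/O retried under a fallback credential must be capped by the rights granted at open() time. The retry-as-file-owner fallback, the server's owner override, and all names and values here are assumptions of this model.

```c
#include <stdbool.h>
#include <stdio.h>

#define ACC_READ  4u
#define ACC_WRITE 2u

/* Constructed model of a file on the server: owner uid and mode bits. */
struct file { unsigned owner; unsigned mode; };
/* Client-side open file: the rights the open() check actually granted. */
struct openfile { const struct file *f; unsigned granted; };

/* Plain Unix mode-bit check for uid (no groups in this model). */
static unsigned mode_rights(const struct file *f, unsigned uid)
{
    return (uid == f->owner ? f->mode >> 6 : f->mode) & 7u;
}

/* Model server: the owner is always let through for I/O (assumed override). */
static bool server_io(const struct file *f, unsigned uid, unsigned want)
{
    return uid == f->owner || (mode_rights(f, uid) & want) == want;
}

/* open(): checked once with the caller's own credential; granted == 0 on denial. */
static struct openfile client_open(const struct file *f, unsigned uid, unsigned want)
{
    bool ok = (mode_rights(f, uid) & want) == want;
    return (struct openfile){ f, ok ? want : 0 };
}

/* Descriptor I/O. On a denial the client retries as the file owner (the
 * assumed fallback credential); 'capped' bounds that by the open-time rights. */
static bool client_io(const struct openfile *of, unsigned uid,
                      unsigned want, bool capped)
{
    if (capped && (of->granted & want) != want)
        return false;               /* never exceed what open() allowed */
    return server_io(of->f, uid, want) ||
           server_io(of->f, of->f->owner, want);
}

int main(void)
{
    struct file f = { 1000, 0444 };  /* owner has no write permission */
    struct openfile of = client_open(&f, 1000, ACC_READ);
    printf("uncapped write allowed: %d\n", client_io(&of, 1000, ACC_WRITE, false));
    printf("capped write allowed:   %d\n", client_io(&of, 1000, ACC_WRITE, true));
    return 0;
}
```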