Subject: Re: NFS access, was UBC...
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Frank van der Linden <fvdl@netbsd.org>
List: tech-kern
Date: 12/08/2003 18:28:14
On Mon, Dec 08, 2003 at 12:02:07PM -0500, Thor Lancelot Simon wrote:
> The one gotcha is that when using a gross hack like we do
> for AUTH_UNIX, one needs to be careful not to allow _more_ rights than
> were allowed at open() time, lest one create a security problem that can
> be exploited by opening a file the owner doesn't have write permission
> to, for example, then using that descriptor to write it after the open.

The checks for that are all in the layers above, so that isn't a problem.

- Frank

-- 
Frank van der Linden                                            fvdl@netbsd.org
===============================================================================
NetBSD. Free, Unix-like OS. > 45 different platforms.    http://www.netbsd.org/