From: Colin Paton <colin.paton@etvinteractive.com>
To: linux-kernel@vger.kernel.org
Subject: Re: Possible permissions bug on NFSv3 kernel client
Date: Tue, 04 May 2004 10:55:20 +0100 [thread overview]
Message-ID: <1083664520.4538.42.camel@colinp> (raw)
In-Reply-To: <1083357597.13656.37.camel@lade.trondhjem.org>
Hi,
> So why do you think that is inconsistent with my statement: "the
> permissions checking has to be done by the server, period"?
I agree that permission checking should be done by the server. However,
I believe that in this case the client is requesting the wrong
permissions. As writing to a char/block device does not perform a write
operation *on the server* then the client should not be asking the
server for modify/extend permission in the case of char/block devices.
> The read-only mount option does *not apply* to char/block devices such
> as /dev/hd[a-z]*, /dev/tty*. Permission checks on open() for those
> devices are done on the server *only* via the ACCESS rpc call.
Should vfs_permission() (as called from nfs_permission) be sufficient to
perform this check?
>
> This should be entirely consistent with local file behaviour.
I don't believe that it is... it is possible to write to a block device
on a filesystem that is mounted read-only, but not to write to a block
device on an NFS filesystem that is *exported* read-only.
I think that nfs_permission() may do sufficient checking - I believe the
problem is in nfs3_proc_access() - where the client is asking the server
for more permissions than it needs.
Colin
next prev parent reply other threads:[~2004-05-04 9:53 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <1QqNJ-4QH-37@gated-at.bofh.it>
[not found] ` <1QqNJ-4QH-39@gated-at.bofh.it>
[not found] ` <1QqNJ-4QH-35@gated-at.bofh.it>
[not found] ` <1Qrhg-5hH-29@gated-at.bofh.it>
2004-04-30 20:17 ` Possible permissions bug on NFSv3 kernel client Pascal Schmidt
2004-04-30 20:39 ` Trond Myklebust
2004-05-01 10:54 ` Pascal Schmidt
2004-05-04 9:55 ` Colin Paton [this message]
2004-05-04 13:52 ` Trond Myklebust
[not found] <1QhAA-5zc-13@gated-at.bofh.it>
[not found] ` <1QnPD-2pg-1@gated-at.bofh.it>
2004-04-29 20:49 ` Pascal Schmidt
2004-04-29 21:17 ` Trond Myklebust
2004-04-29 11:02 Colin Paton
2004-04-29 17:39 ` Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1083664520.4538.42.camel@colinp \
--to=colin.paton@etvinteractive.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.