From: Frank van Maarseveen <frankvm@xs4all.nl>
To: nfs@lists.sourceforge.net
Subject: Re: executable but not readable
Date: Mon, 29 Mar 2004 01:59:52 +0200 [thread overview]
Message-ID: <20040328235952.GA10174@janus> (raw)
In-Reply-To: <1080517611.5553.115.camel@lade.trondhjem.org>
On Sun, Mar 28, 2004 at 06:46:51PM -0500, Trond Myklebust wrote:
> P=E5 lau , 27/03/2004 klokka 07:17, skreiv Frank van Maarseveen:
> > On Fri, Mar 26, 2004 at 02:17:51PM -0500, Trond Myklebust wrote:
> > >=20
> > > In NFSv3, the ACCESS call should then be used to decide whether or not
> > > the client is allowed to open the file for execution (and for reading=
if
> > > that is required). Unfortunately ACCESS is not implemented in the sto=
ck
> > > Linux 2.4.x kernel.
> >=20
> > So the kernel does its own permission checking on the client side
> > for executables _knowing_ that it is going to execute the file but
> > unfortunately the interpreter has to open the file by itself and that
> > fails.
>=20
> No... The kernel should do permission checking for execute, then opens
> the file for reading (overriding the read permissions since this is the
> kernel).
>=20
> Unfortunately, the server is broken, and failing to follow RFC1813 when
> it comes to allowing reads on executables.
I don't understand this. The server doesn't see the difference between
a read for "read" purposes and a read for "execute" purposes IIRC. How
can the server then be broken?
>=20
> > But from a different perspective:
> >=20
> > Being able to create a (non-setuid) executable which cannot be read
> > for security reasons looks very weak to me unless of course it is not
> > possible to let it dump core, strace (ptrace) it, open /proc/... files
> > etc. But is that all actually the case in 2.6?
>=20
> Sounds like a good test of the 2.6 VFS. Have you tried it?
um, no, that's why I asked it. If security fails here and if it's
insolvable then it is a reason to drop the client side ACCESS check in 2.6
for read versus execute permission because it wouldn't buy you anything.
--=20
Frank
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
NFS maillist - NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs
next prev parent reply other threads:[~2004-03-29 0:00 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-03-25 18:00 executable but not readable Christopher Huhn
2004-03-25 18:37 ` Trond Myklebust
2004-03-26 10:48 ` Christopher Huhn
2004-03-26 19:17 ` Trond Myklebust
2004-03-27 12:17 ` Frank van Maarseveen
2004-03-28 23:46 ` Trond Myklebust
2004-03-28 23:59 ` Frank van Maarseveen [this message]
2004-03-29 1:00 ` Trond Myklebust
2004-03-29 11:35 ` Christopher Huhn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040328235952.GA10174@janus \
--to=frankvm@xs4all.nl \
--cc=nfs@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.