From: "J. Bruce Fields" <bfields@fieldses.org>
To: Andreas Amann <amann@physik.tu-berlin.de>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>,
Linus Torvalds <torvalds@osdl.org>,
Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: 2.6.6 breaks kmail (nfs related?)
Date: Fri, 21 May 2004 23:40:03 -0400 [thread overview]
Message-ID: <20040522034003.GA6415@fieldses.org> (raw)
In-Reply-To: <20040521230545.GA787@bill.physik.tu-berlin.de>
On Sat, May 22, 2004 at 01:05:45AM +0200, Andreas Amann wrote:
> On Fri, May 21, 2004 at 12:40:02PM -0400, Trond Myklebust wrote:
> >
> > Hmm... It looks to me as if you are exporting that filesystem with the
> > "subtree_check" option enabled. Could you try to set "no_subtree_check"?
>
> Thanks for that one, with "no_subtree_check" the problem disappears!
> What is the disadvantage of this option?
With "no_subtree_check" the server will not attempt to verify that a
given filehandle points to a file that is beneath an exported directory;
thus an attacker can guess filehandles of files not beneath any exported
directory and use those guessed filehandles to acces files you didn't
mean to export.
Even with "no_subtree_check", the server can still recognize which
filesystem a filehandle belongs to; so you're only in trouble if you
have files you don't want exported on the same partition as files you do
want exported.
See "man exports" for more.
--Bruce Fields
next prev parent reply other threads:[~2004-05-22 3:40 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-05-13 12:11 2.6.6 breaks kmail (nfs related?) Andreas Amann
2004-05-16 4:46 ` Linus Torvalds
2004-05-16 17:59 ` Trond Myklebust
2004-05-16 18:10 ` Trond Myklebust
2004-05-16 18:19 ` Linus Torvalds
2004-05-16 18:47 ` Trond Myklebust
2004-05-16 18:50 ` Linus Torvalds
2004-05-16 19:10 ` Trond Myklebust
2004-05-17 11:31 ` Andreas Amann
2004-05-17 15:55 ` Trond Myklebust
2004-05-21 15:27 ` Andreas Amann
2004-05-21 16:40 ` Trond Myklebust
2004-05-21 23:05 ` Andreas Amann
2004-05-22 3:40 ` J. Bruce Fields [this message]
2004-05-17 21:35 ` Matthias Urlichs
2004-05-17 6:35 ` Norberto Bensa
2004-05-17 7:14 ` Andrew Morton
2004-05-17 17:35 ` Andrew Morton
2004-05-17 18:01 ` Trond Myklebust
2004-05-17 16:17 ` Frank van Maarseveen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040522034003.GA6415@fieldses.org \
--to=bfields@fieldses.org \
--cc=amann@physik.tu-berlin.de \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@osdl.org \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.