From: Frank van Maarseveen <frankvm@xs4all.nl>
To: linux-kernel@vger.kernel.org
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Subject: [RFC] remove "broken_suid" nfs mount option
Date: Mon, 6 Sep 2004 21:39:56 +0200
Message-ID: <20040906193956.GB859@janus>
In-Reply-To: <1094421823.8081.44.camel@lade.trondhjem.org>

This has been discussed first on the nfs mailing list. Summary:

> To: Trond Myklebust
> Cc: Linux NFS mailing list
> Subject: [NFS] broken_suid mount option
> Date: Sun, 5 Sep 2004 23:37:02 +0200
> 
> Is this thing useful anymore? Google came up with this patch submission
> and description from you:
> 
> http://www.ussg.iu.edu/hypermail/linux/kernel/0010.1/1178.html

 "To summarize the feature:
  
    The old NFS had a feature whereby if a setuid process failed due to
  EACCES or EPERM, the RPC engine would drop the privileged credentials,
  and retry using the uid/gid (instead of fsuid/fsgid).
    Of course, this sort of thing may be a security problem, so in 2.4.x
  (and in 2.2.18pre) it has been disabled by default. Unfortunately some
  broken programs rely on this silliness instead of bothering to
  drop privileges themselves (the setuid version of xterm trying to
  read ~/.Xauthority being one of the more prominent offenders); hence
  the decision to make a new mount option..."


On Sun, Sep 05, 2004 at 06:03:43PM -0400, Trond Myklebust wrote:
> 
> If people agree that we can remove it, then I'll take the patch. The
> whole point of making it a mount option (rather than the default as used
> to be the case earlier) was to allow us to deprecate it.
> 
> Note, though, that we should take this one too to lkml in order to get a
> proper consensus.
> 

-- 
Frank
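
Added example, not part of the original message or of any NFS patch: the quoted summary says setuid programs should drop privileges themselves instead of relying on the client retrying with uid/gid. The C sketch below does that around a read of a user-owned file such as ~/.Xauthority; open_as_real_user() is a hypothetical helper name.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/*
 * open_as_real_user() is a hypothetical helper, not code from xterm or the
 * kernel. It opens `path` read-only with the invoking user's identity, so a
 * setuid program never depends on the NFS client retrying with uid/gid.
 * On Linux, changing the effective uid also changes fsuid, the credential
 * used for filesystem access. Supplementary groups are left untouched.
 */
int open_as_real_user(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, err;

    /* Group first: once euid is unprivileged, setegid() may be refused. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        err = errno;
        if (setegid(saved_egid) != 0)
            _exit(126);              /* unknown privilege state: stop */
        errno = err;
        return -1;
    }

    fd = open(path, O_RDONLY | O_CLOEXEC);
    err = errno;

    /* Restore in reverse order: uid back first so setegid() is allowed. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        _exit(126);                  /* unknown privilege state: stop */
    errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_as_real_user(argc > 1 ? argv[1] : "/dev/null");
    if (fd < 0) { perror("open_as_real_user"); return 1; }
    printf("opened as uid %ld, back to euid %ld\n", (long)getuid(), (long)geteuid());
    close(fd);
    return 0;
}
```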
