Re: [PATCH]: NFS: fix inadvertent reversion of mode bits during chown

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Peter Staubach <staubach@redhat.com>
To: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: Neil Horman <nhorman@tuxdriver.com>,
	nfs@lists.sourceforge.net, neilb@cse.unsw.edu.au,
	linux-kernel@vger.kernel.org, viro@zeniv.linux.org.uk
Subject: Re: [PATCH]: NFS: fix inadvertent reversion of mode	bits	during chown
Date: Thu, 15 Dec 2005 14:05:10 -0500	[thread overview]
Message-ID: <43A1BE66.4000107@redhat.com> (raw)
In-Reply-To: <1134672962.7956.9.camel@lade.trondhjem.org>

Trond Myklebust wrote:

>On Thu, 2005-12-15 at 13:19 -0500, Peter Staubach wrote:
>  
>
>>It seems to me that there is a third option.  That would be to provide the
>>proper synchronization to prevent such races.  Any callers wishing to use
>>either the mode or owners of the file should have validated the attributes
>>first, and if there is such a setuid/setgid operation going on, then block
>>them until that operation has completed.  Perhaps something like the
>>revalidate hook can be used by the NFS client to synchronize things.
>>    
>>
>
>That also requires the VFS change to move the KILL_SUID/KILL_SGID stuff
>from notify_change() and into inode_setattr()/the filesystem code.
>
>  
>

Well, that isn't exactly what I had in mind, but I would need to look at
the implementation more in order to describe a design better.

>>We already know that it is not safe to combine changing the mode and the
>>uid or gid in a single NFS SETATTR request.  The server may or may not allow
>>the owners to be changed and so, may or may not perform the mode change.  In
>>fact, it is not terribly safe to combine changing the uid or gid with any
>>other attributes in a single call.  This is an unfortunate fact of life
>>when attempting to be interoperable across a large variety of platforms.
>>    
>>
>
>Yes, but that is why I'd argue that a server claiming to support
>suid/sgid mode bits had better have a _very_ good reason if it fails to
>clear them when a client changes the uid/gid.
>

The most common reason that I have seen is that the server may not be a 
POSIX
based server and may not emulate all of these semantics correctly.  
There are
times when the client has to interoperate with a "broken" server and for 
those
instances, we do not very aesthetic things in the client to make up for it.

    Thanx...

       ps


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

next prev parent reply	other threads:[~2005-12-15 19:05 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-12-15 13:09 [PATCH]: NFS: fix inadvertent reversion of mode bits during chown Neil Horman
2005-12-15 14:14 ` Trond Myklebust
2005-12-15 14:49   ` Neil Horman
2005-12-15 14:57     ` Trond Myklebust
2005-12-15 16:38       ` Neil Horman
2005-12-15 16:48         ` Peter Staubach
2005-12-15 17:32           ` Trond Myklebust
2005-12-15 18:17             ` Neil Horman
2005-12-15 18:51               ` Trond Myklebust
2005-12-15 19:43               ` Neil Horman
2005-12-15 19:46                 ` Trond Myklebust
2005-12-15 19:51                   ` Neil Horman
2005-12-16 16:14                     ` Neil Horman
2006-01-24 13:27                       ` Neil Horman
2005-12-15 18:19             ` Peter Staubach
2005-12-15 18:56               ` Trond Myklebust
2005-12-15 19:05                 ` Peter Staubach [this message]
2005-12-15 16:50         ` Trond Myklebust

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=43A1BE66.4000107@redhat.com \
    --to=staubach@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=neilb@cse.unsw.edu.au \
    --cc=nfs@lists.sourceforge.net \
    --cc=nhorman@tuxdriver.com \
    --cc=trond.myklebust@fys.uio.no \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.