Re: UID/GID mapping system

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: "Søren Hansen" <sh@warma.dk>
To: Jesse Pollard <jesse@cats-chateau.net>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: UID/GID mapping system
Date: Wed, 10 Mar 2004 18:58:46 +0100	[thread overview]
Message-ID: <1078941525.1343.19.camel@homer> (raw)
In-Reply-To: <04031009285900.02381@tabby>

ons, 2004-03-10 kl. 16:28 skrev Jesse Pollard:
> > Er.. no. I just use the uid_t and gid_t. Are they 64bit?
> 32 bits currently.

Ok.. But those are the data types in use in the v-nodes, right?

> > > and unlimited number of groups assigned to a single user?
> > No. That's not my problem, is it? I just provide the mapping system.
> but the mapping system has to be able to handle it.

How do you figure that?

> > The maps are on the client, so that's no issue. The trick is to make it
> > totally transparent to the filesystem being mounted, be it networked or
> > non-networked.
> The server cannot trust the clients to do the right thing.

The server can't trust the client as it is now anyway. The client can do
whatever it wants already. There is no security impact as I see it.

> The server cannot trust the client.

I know! That's an entirely different issue. The very nanosecond you give
another machine access to your filesystem, you're up shit creek anyway.
The only difference between the way things are now and after the system
I'm suggesting is in place, is that the ownerships will look sane on the
client. What possible extra security implications could this cause?

> Since different organizations are in charge of the server, how can that server trust
> the client?

Please explain how you in any way can trust a client mounting an nfs
export from your server? You can't. All you can do is keep your fingers
crossed and your hacksaw sharpened (in case you want a more hands-on
security scheme). Maps or no maps, this is the same issue.

> A violation (even minor) on the client could cause a significant
> violation of the server.

Yes. Just like it can now.

> As in a shipping department mounting a server, and a financial client
> mounting from the same server - a violation on the shipping client COULD
> expose financial data; and the server not even know. Or worse - the 
> shipping depeartment has been outsourced...
> The server MUST control access to its resources.

Yes. As always. 

If you have an idea for a patch that fixes all these issues, I'll more
than happy to see it.

-- 
Søren Hansen <sh@warma.dk>

next prev parent reply	other threads:[~2004-03-10 17:59 UTC|newest]

Thread overview: 32+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-03-08 19:45 UID/GID mapping system Søren Hansen
2004-03-09 16:46 ` Jesse Pollard
2004-03-09 19:28   ` Søren Hansen
2004-03-10 15:28     ` Jesse Pollard
2004-03-10 17:58       ` Søren Hansen [this message]
2004-03-10 21:41         ` Jesse Pollard
2004-03-10 22:45           ` Trond Myklebust
2004-03-11  8:29             ` Søren Hansen
2004-03-11 14:31               ` Jesse Pollard
2004-03-11 14:45                 ` Søren Hansen
2004-03-11 15:58               ` J. Bruce Fields
2004-03-11 19:41               ` Trond Myklebust
2004-03-12  8:41                 ` Søren Hansen
2004-03-11 14:10             ` Jesse Pollard
2004-03-10 23:46           ` Andreas Dilger
2004-03-11 14:08             ` Jesse Pollard
2004-03-11 16:02               ` J. Bruce Fields
2004-03-12 13:58                 ` Jesse Pollard
2004-03-12 20:08                   ` J. Bruce Fields
2004-03-15 17:17                     ` Jesse Pollard
2004-03-15 17:49               ` Andreas Dilger
     [not found]             ` <fa.ct61k6d.bm43gj@ifi.uio.no>
2004-03-11 19:40               ` Kevin Buhr
2004-03-11 23:10                 ` Jamie Lokier
2004-03-12 14:49                 ` Pavel Machek
2004-03-11  8:22           ` Søren Hansen
2004-03-11 14:18             ` Jesse Pollard
2004-03-11 14:39               ` Søren Hansen
2004-03-12 13:52                 ` Jesse Pollard
2004-03-12 15:00                   ` Søren Hansen
2004-03-15 17:05                     ` Jesse Pollard
2004-03-16  8:08                       ` Søren Hansen
2004-03-09 19:28   ` Søren Hansen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1078941525.1343.19.camel@homer \
    --to=sh@warma.dk \
    --cc=jesse@cats-chateau.net \
    --cc=linux-kernel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox