From owner-cvs-all  Sun Nov 11 14:50:25 2001
Delivered-To: cvs-all@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6E51A37B426; Sun, 11 Nov 2001 14:50:12 -0800 (PST)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.11.6/8.11.5) with SMTP id fABMo3B16690;
	Sun, 11 Nov 2001 17:50:03 -0500 (EST)
	(envelope-from robert@fledge.watson.org)
Date: Sun, 11 Nov 2001 17:50:03 -0500 (EST)
From: Robert Watson <rwatson@FreeBSD.org>
X-Sender: robert@fledge.watson.org
To: Alfred Perlstein <alfred@FreeBSD.org>
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, kris@FreeBSD.org
Subject: Re: cvs commit: src/sys/sys vnode.h src/sys/nfsclient nfs_lock.c src/sys/kern vfs_vnops.c
In-Reply-To: <20011111164140.H89342@elvis.mu.org>
Message-ID: <Pine.NEB.3.96L.1011111174859.16646A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG


Actually, if you just want to go through and change vn_open() to always
accept a cred argument, that would be fine too :-). 

Note that this still has odd effects regarding chroot(), but those are far
less serious than the problem you just fixed.

Thanks,

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Sun, 11 Nov 2001, Alfred Perlstein wrote:

> * Alfred Perlstein <alfred@FreeBSD.org> [011111 16:39] wrote:
> > alfred      2001/11/11 14:39:07 PST
> > 
> >   Modified files:
> >     sys/sys              vnode.h 
> >     sys/nfsclient        nfs_lock.c 
> >     sys/kern             vfs_vnops.c 
> >   Log:
> >   turn vn_open() into a wrapper around vn_open_cred() which allows
> >   one to perform a vn_open using temporary/other/fake credentials.
> >   
> >   Modify the nfs client side locking code to use vn_open_cred() passing
> >   proc0's ucred instead of the old way which was to temporary raise
> >   privs while running vn_open().  This should close the race hopefully.
> 
> And on -security there was much rejoicing. :)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message