Date: Thu, 5 Apr 2001 18:18:44 +1000 (EST)
From: Bruce Evans <bde@zeta.org.au>
To: Terry Lambert <tlambert@primenet.com>
Cc: Robert Watson <rwatson@FreeBSD.ORG>, freebsd-arch@FreeBSD.ORG, dillon@FreeBSD.ORG
Subject: Re: Eliminate crget() from nfs kernel code?
Message-ID: <Pine.BSF.4.21.0104051805550.46796-100000@besplex.bde.org>
In-Reply-To: <200104050038.RAA03316@usr08.primenet.com>

On Thu, 5 Apr 2001, Terry Lambert wrote:

> [ ... crget() ... ]
>
> I am not too happy with crget() at the moment.  Even discounting
> the fact that it calls MALLOC(), and does not check the results
> (the new [BAD] semantics permit this to fail under extremely low
> memory conditions [FOR NO GOOD REASON] instead of hanging), it is

New [BAD] semantics for malloc(..., M_WAITOK) would require some dead
bodies :-).  I haven't seen any.

> If you "fix" crget(), you will also need to fix crdup().  There
> are plenty of places where crdup() is called, not just in the
> access() system call, where it is bogusly used to replace _only_
> the initial group of the real GID, leaving the groups of the
> effective UID active, falsely yielding access to the file, even
> if the real UID would not have contained the same group list
> as the effective UID (gotta love "security" code).

This is just how access() works.  It checks the access that you would
have setting the IDs to the real ones.  Setting the IDs to the real ones
has no effect on the groups list except possibly for removing/changing
the effective GID if that is on the list.

Bruce
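The credential substitution discussed in this message, as an added example that is not part of the original e-mail and is not FreeBSD kernel code: a simplified user-space model of access() copying the credential and replacing only the UID and the first group slot. The struct and function names are hypothetical, the numeric IDs and file modes are constructed, and the sketch assumes the BSD layout in which groups[0] holds the effective GID.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Simplified credential; groups[0] is the effective GID (assumed BSD layout). */
struct cred { uid_t uid; gid_t groups[16]; int ngroups; };
struct proc { uid_t ruid; gid_t rgid; struct cred cr; };   /* cr = effective credential */
struct file { uid_t owner; gid_t group; unsigned mode; };

/* Owner/group/other check; want is a mask of 4 (r), 2 (w), 1 (x).
 * The superuser bypass is left out to keep the model small. */
static bool cred_permits(const struct cred *cr, const struct file *f, unsigned want)
{
    unsigned bits = f->mode & 7;                 /* "other" class by default */
    if (cr->uid == f->owner) {
        bits = (f->mode >> 6) & 7;
    } else {
        for (int i = 0; i < cr->ngroups; i++)
            if (cr->groups[i] == f->group) { bits = (f->mode >> 3) & 7; break; }
    }
    return (bits & want) == want;
}

/* access() model: copy the credential, substitute the real UID and real GID.
 * The remaining entries of the groups list are carried over unchanged. */
static bool model_access(const struct proc *p, const struct file *f, unsigned want)
{
    struct cred tmp = p->cr;
    tmp.uid = p->ruid;
    tmp.groups[0] = p->rgid;
    return cred_permits(&tmp, f, want);
}

/* Constructed sample: real 1001/100, effective 2000/200, one other group 300. */
static const struct proc sample = { 1001, 100, { 2000, { 200, 300 }, 2 } };
static const struct file by_euid  = { 2000, 999, 0600 };  /* owned by effective UID */
static const struct file by_egid  = { 0, 200, 0640 };     /* group = effective GID */
static const struct file by_suppl = { 0, 300, 0640 };     /* group = other list entry */

int main(void)
{
    const struct file *files[] = { &by_euid, &by_egid, &by_suppl };
    const char *names[] = { "by_euid", "by_egid", "by_suppl" };
    for (int i = 0; i < 3; i++)
        printf("%-8s effective check=%d access()=%d\n", names[i],
               cred_permits(&sample.cr, files[i], 4), model_access(&sample, files[i], 4));
    return 0;
}
```

In the model, the files reachable only through the effective UID or effective GID are refused by the access()-style check, while the file reachable through the rest of the groups list is allowed by both checks.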