Date: Fri, 8 Dec 1995 12:23:50 GMT
From: simonm@dcs.gla.ac.uk
To: FreeBSD-gnats-submit@freebsd.org
Subject: kern/876: NFS security bug
Message-ID: <199512081223.MAA01316@solander.dcs.gla.ac.uk>
Resent-Message-ID: <199512081230.EAA00936@freefall.freebsd.org>

>Number:         876
>Category:       kern
>Synopsis:       NFS allows bogus accesses to cached data
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Dec 8 04:30:01 PST 1995
>Last-Modified:
>Originator:     Simon Marlow
>Organization:   University of Glasgow
>Release:        FreeBSD 2.1.0-RELEASE i386
>Environment:

	(see below)

>Description:

	root can access non-world-readable files on an NFS mounted
	partition that have been recently read legitimately.

>How-To-Repeat:

	As a normal user (say 'fred'), who has a home directory on an
	NFS mounted partition. The partition is exported with no special
	root access flags, so root should have access only to files
	which are world readable.

		% cat >a
		hello
		^D
		% chmod 600 a

	As root:

		# more ~fred/a
		a: permission denied

	As fred:

		% cat a
		hello
		%

	As root:

		# cat ~fred/a
		hello

>Fix:

	dunno :-)

>Audit-Trail:
>Unformatted:

Simon Marlow
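
The sequence in the report, replayed against a small model of a client-side data cache. This is an added illustration, not code from the report or from FreeBSD's NFS implementation. It assumes the cause is a cache-hit path that skips the per-caller access decision, which the synopsis suggests but the report does not confirm; the uid 1001 for fred, the `NOBODY` id and all function names are assumptions.

```c
#include <stdbool.h>
#include <string.h>

#define NOBODY 65534u  /* assumed id that uid 0 is mapped to by the export */

/* Constructed model: one server file and one client-side cached copy. */
struct file   { unsigned owner, mode; const char *data; };
struct client { const struct file *srv; bool cached; char buf[32]; };
typedef const char *(*reader_fn)(struct client *, unsigned);

/* Server-side decision (owner/other bits only; groups left out). */
static bool server_allows_read(const struct file *f, unsigned uid) {
    if (uid == 0) uid = NOBODY;            /* no special root access flags */
    return (f->mode & (uid == f->owner ? 0400u : 0004u)) != 0;
}

/* Read from the server as `uid`; a successful read fills the cache. */
static const char *fetch(struct client *c, unsigned uid) {
    if (!server_allows_read(c->srv, uid)) return NULL;
    strncpy(c->buf, c->srv->data, sizeof c->buf - 1);
    c->cached = true;
    return c->buf;
}

/* Reported behaviour: a cache hit is returned to whoever asks. */
const char *read_vulnerable(struct client *c, unsigned uid) {
    return c->cached ? c->buf : fetch(c, uid);
}

/* Checked variant: decide access for this caller before touching the cache. */
const char *read_checked(struct client *c, unsigned uid) {
    if (!server_allows_read(c->srv, uid)) return NULL;
    return c->cached ? c->buf : fetch(c, uid);
}

/* Replay the report: root, fred (uid 1001, assumed), root again.
   Bits 0, 1, 2 of the result are set when read 1, 2, 3 returned data. */
int replay(reader_fn rd) {
    struct file f = { 1001, 0600, "hello" };
    struct client c = { &f, false, {0} };
    int seen = 0;
    if (rd(&c, 0))    seen |= 1;
    if (rd(&c, 1001)) seen |= 2;
    if (rd(&c, 0))    seen |= 4;
    return seen;
}

int main(void) { return !(replay(read_vulnerable) == 6 && replay(read_checked) == 2); }
```

In the vulnerable path root's second read succeeds only because fred's read populated the cache in between, which matches the order of events in the report.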