Date: Wed, 19 Jun 2002 17:02:16 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Martin Faxer <gmh003532@brfmasthugget.se> Cc: freebsd-fs@FreeBSD.ORG Subject: Re: a bunch of questions Message-ID: <12747.1024498936@critter.freebsd.dk> In-Reply-To: Your message of "Wed, 19 Jun 2002 16:41:11 %2B0200." <20020619144111.GA1352@lockdown.spectrum.fearmuffs.net>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20020619144111.GA1352@lockdown.spectrum.fearmuffs.net>, Martin Faxe r writes: >hello! > >i'm trying to make some sense of vfs and here comes a mail with >basically (as the subject says) a bunch of questions: > >1) why is it preferred to do the permissions checking in the > actual file system specific code instead of vfs_[n]mount()? Because not all filesystems need or indeed want the same permissions checks. Some filesystems don't even have a device (DEVFS, procfs, unionfs etc) >2) in the statfs() code the f_fsid is zeroed out in the !superuser > case. after some searching and cross-checking with OpenBSD i'm > lead to believe that this is because of a potential NFS insecurity > if any user is able to see the f_fsid. does anybody know more > about this ? can a check be added like: I belive it is because of the NFS. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-fs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?12747.1024498936>