From owner-freebsd-security Fri Mar 7 06:30:24 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id GAA15408 for security-outgoing; Fri, 7 Mar 1997 06:30:24 -0800 (PST)
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id GAA15394 for ; Fri, 7 Mar 1997 06:30:21 -0800 (PST)
Received: by halloran-eldar.lcs.mit.edu; (5.65v3.2/1.1.8.2/19Aug95-0530PM) id AA26267; Fri, 7 Mar 1997 09:30:13 -0500
Date: Fri, 7 Mar 1997 09:30:13 -0500
From: Garrett Wollman
Message-Id: <9703071430.AA26267@halloran-eldar.lcs.mit.edu>
To: "Daniel O'Callaghan"
Cc: freebsd-security@freebsd.org
Subject: 4.4BSD NFS File Handles (fwd)
In-Reply-To:
References:
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

< said:

> if (suser(p->p_ucred, &p->p_acflag)) {
>         sb->st_gen = 0;
> } else {
>         sb->st_gen = vap->va_gen;
> }

This test is bogus. The problem is that it causes p_acflag to get the ``used superuser privileges'' bit set every time a root process calls stat(). Since most processes call stat() at least once in their lifetime, this would make p_acflag completely useless.

I'm certainly willing to live with not making this information available through the stat(2) interface at all. Any process with appropriate privilege can simply read the information off the disk anyway, so I don't see any benefit in having it here. (A process with appropriate privilege can also call getfh(2) and parse the returned handle.)

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick
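
The side effect discussed in the message above, as an added user-space model that is not part of the original post and is not FreeBSD source. The struct and function names (`ucred_model`, `proc_model`, `suser_model`, `st_gen_quoted`, `st_gen_untainted`) are hypothetical; `suser_model` assumes the 4.4BSD behaviour of recording ASU through the flag pointer when one is supplied.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define ASU 0x02 /* accounting flag: "used superuser privileges" */

/* Constructed stand-ins for the kernel's struct ucred and struct proc. */
struct ucred_model { unsigned cr_uid; };
struct proc_model  { struct ucred_model *p_ucred; unsigned short p_acflag; };

/* Model of suser(): a successful check records ASU as a side effect. */
static int suser_model(struct ucred_model *cred, unsigned short *acflag)
{
    if (cred->cr_uid == 0) {
        if (acflag != NULL)
            *acflag |= ASU;
        return 0;
    }
    return EPERM;
}

/* The quoted test: non-root callers get 0, root gets the generation number. */
static unsigned long st_gen_quoted(struct proc_model *p, unsigned long va_gen)
{
    if (suser_model(p->p_ucred, &p->p_acflag))
        return 0;
    return va_gen;
}

/* Same visibility rule, but no accounting flag is handed to the check. */
static unsigned long st_gen_untainted(struct proc_model *p, unsigned long va_gen)
{
    if (suser_model(p->p_ucred, NULL))
        return 0;
    return va_gen;
}

int main(void)
{
    struct ucred_model root = { 0 };
    struct proc_model a = { &root, 0 }, b = { &root, 0 };

    st_gen_quoted(&a, 42UL);    /* one stat()-style call by root */
    st_gen_untainted(&b, 42UL);
    printf("quoted test:    ASU %s\n", (a.p_acflag & ASU) ? "set" : "clear");
    printf("untainted test: ASU %s\n", (b.p_acflag & ASU) ? "set" : "clear");
    return 0;
}
```

In the model, a single call through the quoted test marks a root process as having used superuser privileges, so the flag no longer distinguishes processes that actually needed them.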