Date:      Wed, 18 Aug 1999 17:49:23 -0500 (CDT)
From:      David Scheidt <dscheidt@enteract.com>
To:        Matthew Dillon <dillon@apollo.backplane.com>
Cc:        Warner Losh <imp@village.org>, Garance A Drosihn <drosih@rpi.edu>, hackers@FreeBSD.ORG
Subject:   Re: lpd security check for changed-file vs NFS 
Message-ID:  <Pine.NEB.3.96.990818174328.78404B-100000@shell-2.enteract.com>
In-Reply-To: <199908182237.PAA49807@apollo.backplane.com>

On Wed, 18 Aug 1999, Matthew Dillon wrote:

> :For the general case (eg the code checked into the system), the check
> :needs to remain enabled.  Anything else is insecure.
> :
> :Warner

Oh, absolutely.  However, one of the reasons people use an operating system
they have source to is to make it work for them.  

> 
>     I have to agree... whenever one starts discussing weird, esoteric 
>     workarounds one inevitably introduces security holes.  I really think 
>     just disabling the -s option may be the best solution.

It is apparent that I was unclear.  What I meant was use the fstat test for 
local files.  For NFS mounted files, don't use the test, since it doesn't
work, and don't allow the -s option.  (Better would be to accept, and
ignore the -s, perhaps producing a warning?) 

David Scheidt


