* Thomas Quinot <[EMAIL PROTECTED]> [010412 11:06] wrote:
> Le 2001-04-12, Alfred Perlstein écrivait :
> 
> > m: "Don't call me dude." *thwack* "The point is that if the
> > workstation is untrusted, what's to stop the malicious hacker
> > from taking a read-only filehandle and swapping the top byte with
> > the byte required for write access?"
> 
> The kernel could include a 'signature' in the handle, e.g. in the form of
> a hash of (perm-bytes,handle-bytes,secret-key).
> 
> (But the following still holds:)
> 
> > s: "Master, this sounds like hella work!"
> (plus some crypto algorithm right in kernel space...)
>  
> > m: "Ahhhh, you are correct, now get cracking!"

None of that would protect you when a single client has two
exports available, one read and one write on the same filesystem.

A machine with just / that exports /usr and /var with different
perms... (/usr is rw, /var is ro)

Well the untrusted client can use the "magic" from the /usr
to access /var rw instead of ro.

It's actually not that big of a deal to attach the client/perms
though so that separate machines can access the same mount
point differently.

-- 
-Alfred Perlstein - [[EMAIL PROTECTED]|[EMAIL PROTECTED]]
http://www.egr.unlv.edu/~slumos/on-netbsd.html
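The signed-handle scheme from the thread, worked through as an added example (this is not code from the mail or from FreeBSD; the filesystem, inode numbers, client addresses and secret key are constructed). The handle carries a perm byte, the fsid, the inode and the export root, and the kernel-side tag is an HMAC over those fields plus the client address, so swapping the top byte or presenting the handle from another client fails verification. The same model also shows Alfred's objection: with /usr (rw) and /var (ro) on one filesystem, a lookup chain walked from the /usr handle inherits the rw perm byte into /var. The `subtree_check` flag is an assumed extra server check, not something the mail proposes; it refuses lookups that leave the export the handle was minted for.

```python
import hashlib
import hmac
import struct

# Constructed toy filesystem: a single filesystem (fsid 1) holding /, /usr, /var.
FSID = 1
PARENT = {2: 2, 10: 2, 11: 10, 20: 2, 21: 20}   # inode -> parent inode; 2 is /
EXPORT_ROOT = {"/usr": 10, "/var": 20}           # /usr exported rw, /var exported ro
PERM_RO, PERM_RW = 0x00, 0x01
SECRET = b"constructed kernel-only secret"       # would never leave the server

HDR = ">BIII"            # perm byte, fsid, inode, export root inode
HDR_LEN = struct.calcsize(HDR)


def _tag(perm, fsid, inode, export_root, client):
    """HMAC over the handle fields plus the client address (the 'attach the client' idea)."""
    msg = struct.pack(HDR, perm, fsid, inode, export_root) + client.encode()
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:8]


def mint(perm, inode, export_root, client):
    """Server side: handle = header | tag, as handed out at mount time."""
    return struct.pack(HDR, perm, FSID, inode, export_root) + _tag(perm, FSID, inode, export_root, client)


def parse(handle):
    perm, fsid, inode, root = struct.unpack(HDR, handle[:HDR_LEN])
    return perm, fsid, inode, root, handle[HDR_LEN:]


def verify(handle, client):
    """Recompute the tag for the presenting client; any edited byte makes this fail."""
    perm, fsid, inode, root, tag = parse(handle)
    return hmac.compare_digest(tag, _tag(perm, fsid, inode, root, client))


def within_export(inode, export_root):
    """Walk up the parent map; True if inode lies under export_root."""
    while True:
        if inode == export_root:
            return True
        if PARENT[inode] == inode:      # reached / without meeting the export root
            return False
        inode = PARENT[inode]


def lookup(handle, client, child_inode, subtree_check=False):
    """Server-side LOOKUP: child handles inherit the perm byte of the parent handle."""
    if not verify(handle, client):
        raise PermissionError("bad handle signature")
    perm, _, _, root, _ = parse(handle)
    # Assumed extra check (not from the mail): refuse to hand out handles outside the export.
    if subtree_check and not within_export(child_inode, root):
        raise PermissionError("lookup leaves the export")
    return mint(perm, child_inode, root, client)


def can_write(handle, client):
    return verify(handle, client) and parse(handle)[0] == PERM_RW


def demo():
    """Returns the three outcomes discussed in the thread."""
    client = "10.0.0.5"
    usr_root = mint(PERM_RW, EXPORT_ROOT["/usr"], EXPORT_ROOT["/usr"], client)
    var_root = mint(PERM_RO, EXPORT_ROOT["/var"], EXPORT_ROOT["/var"], client)

    # 1. Swapping the top byte of the ro /var handle is caught by the tag.
    top_byte_swapped = bytes([PERM_RW]) + var_root[1:]
    # 2. Same filesystem, two exports: walk /usr -> / -> /var, perm byte comes along.
    slash = lookup(usr_root, client, 2)
    var_via_usr = lookup(slash, client, EXPORT_ROOT["/var"])
    # 3. With the subtree check the walk out of /usr is refused at the first step.
    try:
        lookup(usr_root, client, 2, subtree_check=True)
        refused = False
    except PermissionError:
        refused = True
    return {
        "tamper_rejected": not verify(top_byte_swapped, client),
        "other_client_rejected": not verify(usr_root, "10.0.0.6"),
        "var_writable_via_usr": can_write(var_via_usr, client),
        "subtree_check_refuses": refused,
    }


if __name__ == "__main__":
    print(demo())
```

Signing and client binding answer the byte-swap and the "same handle from another host" cases; they say nothing about where a lookup chain may wander inside one filesystem, which is exactly why two exports with different perms on the same filesystem still collapse to the more permissive one unless the server also checks the export subtree, or the exports live on separate filesystems.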
