Miklos Szeredi wrote: > > Yes, for NFSv2, this test in nfs_permssion(): > > > > if (!NFS_PROTO(inode)->access) > > goto out; > > I've seen that, I just thought that was for some broken servers not > for all NFSv2 servers. > > Anyway that's been fixed in NFSv3, so obviously the "permission > checking on both sides" wasn't optimal :) > > > And for either version of NFS, if the uid and gid are non-zero, and > > the permission bits indicate that an access is permitted, then the > > client does not consult the server for permission. > > Where's that? I see no such check.
/* * Trust UNIX mode bits except: * * 1) When override capabilities may have been invoked * 2) When root squashing may be involved * 3) When ACLs may overturn a negative answer */ if (!capable(CAP_DAC_OVERRIDE) && !capable(CAP_DAC_READ_SEARCH) && (current->fsuid != 0) && (current->fsgid != 0) && error != -EACCES) goto out; -- Jamie - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/