DragonFly commits List (threaded) for 2009-08
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]
git: nfs: init real/saved uid/gid in server-side credentials
| From: | Nicolas Thery <nth@xxxxxxxxxxxxxxxxxxxxxxx> |
| Date: | Sun, 23 Aug 2009 21:59:43 -0700 (PDT) |
commit c83849b3cf4ede85c7c7b1b7c90b20cb817b3285
Author: Nicolas Thery <nthery@gmail.com>
Date: Sun Aug 23 21:04:21 2009 +0200
nfs: init real/saved uid/gid in server-side credentials
When unmarshalling a request, the server constructs a ucred
structure (nfsrv_descript.nd_cr) from the credential data in the
RPC. It initializes only the effective uid and gid and leaves
the real and saved uid/gid unitialized. This effectively sets
the real/effective ids to root because nd_cr is first
bzero()'ed.
As a consequence, now that accept(2) checks real uid/gid, all
accept calls to NFS files incorrectly succeed.
Fix this by initializing the real and saved uid/gid in nd_cr to
the same values as the real uid/gid (only the real uid/gid are
RPC'ed to the server).
NOTE: accept(2) and faccessat(2) to NFS files are still broken
in part because the client sends the effective uid/gid to the
server. I'll fix this once I've groked the uid magic in the NFS
code.
Summary of changes:
sys/vfs/nfs/nfs_socket.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/c83849b3cf4ede85c7c7b1b7c90b20cb817b3285
--
DragonFly BSD source repository
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]