DragonFly commits List (threaded) for 2009-08
DragonFly BSD
DragonFly commits List (threaded) for 2009-08
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

git: nfs: init real/saved uid/gid in server-side credentials


From: Nicolas Thery <nth@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 23 Aug 2009 21:59:43 -0700 (PDT)

commit c83849b3cf4ede85c7c7b1b7c90b20cb817b3285
Author: Nicolas Thery <nthery@gmail.com>
Date:   Sun Aug 23 21:04:21 2009 +0200

    nfs: init real/saved uid/gid in server-side credentials
    
    When unmarshalling a request, the server constructs a ucred
    structure (nfsrv_descript.nd_cr) from the credential data in the
    RPC.  It initializes only the effective uid and gid and leaves
    the real and saved uid/gid unitialized.  This effectively sets
    the real/effective ids to root because nd_cr is first
    bzero()'ed.
    
    As a consequence, now that accept(2) checks real uid/gid, all
    accept calls to NFS files incorrectly succeed.
    
    Fix this by initializing the real and saved uid/gid in nd_cr to
    the same values as the real uid/gid (only the real uid/gid are
    RPC'ed to the server).
    
    NOTE: accept(2) and faccessat(2) to NFS files are still broken
    in part because the client sends the effective uid/gid to the
    server.  I'll fix this once I've groked the uid magic in the NFS
    code.

Summary of changes:
 sys/vfs/nfs/nfs_socket.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/c83849b3cf4ede85c7c7b1b7c90b20cb817b3285


-- 
DragonFly BSD source repository



[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]