Jesse Pollard <pollardat_private> said: ... >This calls for a fileserver (possibly using NFS) that can interpret >security permissions. For one part, the NFS server daemons need to be >able to determine whether access can be given (it IS acting on the >behalf of a file system). Current procedures require the NFS daemon >to switch UID/GID to the user BEFORE attempting to access the file. >This is error prone. It introduces a DoS attack (the user is able >to abort the daemon while it is doing the access). No, not in Linux, if I understand you correctly. The canonical method for doing this in Linux is to use setfsuid(2), a Linux extension. This forces the process to access all files as the given user, yet doesn't let the user send signals to the daemon. See the setfsuid(2) man page for more details. _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Tue Apr 24 2001 - 14:05:48 PDT