Path: utzoo!attcan!uunet!mailrus!cs.utexas.edu!rice!sun-spots-request
From: jay@silence.princeton.nj.us (Jay Plett)
Newsgroups: comp.sys.sun
Subject: Re: Nested Exports
Keywords: Miscellaneous
Message-ID: <9469@brazos.Rice.edu>
Date: 29 Jun 90 00:08:59 GMT
Sender: root@rice.edu
Organization: Sun-Spots
Lines: 19
Approved: Sun-Spots@rice.edu
X-Refs:  Original: v9n234, Replies: v9n236
X-Sun-Spots-Digest: Volume 9, Issue 246, message 1

In article <9394@brazos.Rice.edu>, auspex!guy@uunet.uu.net (Guy Harris) writes:
> Because, even if that restriction didn't exist, you *still* couldn't
> securely export a whole partition to one machine and a restricted piece to
> another, if your intent was to restrict the access of the "another" to the
> rest of the tree.  The "another" could walk up the directory tree and get
> out of its restricted piece....

You can do that anyway.  I tried running Jan-Simon Pendry's amd (an
automounter) on DS3100s.  It managed to exercise some bug in Ultrix where
things like pwd wouldn't work because the kernel didn't recognize the
mount-point while walking up through it.  If a server (Sun, Convex,
Whatever) exports a sub-tree of a filesystem, you could have amd mount
this subtree on a DS3100, then do "cd /mount/point" followed by "cd .."
and walk right up into the server's parent of the exported directory.
Cute.  Just one of the reasons we found for getting rid of the DS3100s.
Still, if Ultrix can do it, no doubt any other O/S can be coaxed to do it
as well, given kernel sources.

	...jay