Path: utzoo!utgpu!watserv1!watmath!att!pacbell.com!mips!samsung!ginsburg From: ginsburg@samsung.COM (Scott Ginsburg) Newsgroups: comp.protocols.nfs Subject: Re: Why not export /fs /fs/subdir? Message-ID: <25719@samsung.samsung.com> Date: 19 Jun 91 21:46:46 GMT References: <1991Jun17.224716.4729@Think.COM> <1991Jun18.040038.15141@Think.COM> Organization: Samsung Software, Andover MA. Lines: 45 barmar@think.com (Barry Margolin) writes: >In article thurlow@convex.com (Robert Thurlow) writes: >>In <1991Jun17.224716.4729@Think.COM> barmar@think.com (Barry Margolin) writes: >>>While most NFS implementations won't allow foo to access bar's partition, a >>>superuser on foo could easily write a program that sends fake NFS requests, >>>and then access server:/export/root/foo/../bar. >>/export/root/foo/.. is a directory vnode on the client machine, which >>has no member 'bar' unless you've created one there. Remember that >>pathname lookups always happen one component at a time over NFS so that >>a standard directory separator doesn't have to be defined. >What do vnodes have to do with anything? My point about "fake NFS >requests" was that a user-written program could send the following RPC >operations (I'm using pseudocode, not precise representations of the >procedure calls): > mount_handle = Mount("/export/root/foo"); > outer_handle = Lookup(mount_handle, ".."); > bar_handle = Lookup(outer_handle, "bar"); >-- >Barry Margolin, Thinking Machines Corp. >barmar@think.com >{uunet,harvard}!think!barmar This actually doesn't work, at least when the server is a Sun machine. Assuming /etc/exports contains /export/root/foo and /export/root/bar mount_handle = Mount("/export/root/foo"); returns OK outer_handle = Lookup(mount_handle, ".."); returns OK bar_handle = Lookup(outer_handle, "bar"); returns NFSERR_NOENT The server is smarter than you think! Scott