Re: 2.6.6 breaks kmail (nfs related?)

From: J. Bruce Fields
Date: Fri May 21 2004 - 22:41:12 EST

Next message: William Lee Irwin III: "slab redzoning"
Previous message: Spinka, Kristofer: "RE: Unserializing ioctl() system calls"
In reply to: Andreas Amann: "Re: 2.6.6 breaks kmail (nfs related?)"
Next in thread: Matthias Urlichs: "Re: 2.6.6 breaks kmail (nfs related?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, May 22, 2004 at 01:05:45AM +0200, Andreas Amann wrote:
> On Fri, May 21, 2004 at 12:40:02PM -0400, Trond Myklebust wrote:
> >
> > Hmm... It looks to me as if you are exporting that filesystem with the
> > "subtree_check" option enabled. Could you try to set "no_subtree_check"?
>
> Thanks for that one, with "no_subtree_check" the problem disappears!
> What is the disadvantage of this option?

With "no_subtree_check" the server will not attempt to verify that a
given filehandle points to a file that is beneath an exported directory;
thus an attacker can guess filehandles of files not beneath any exported
directory and use those guessed filehandles to acces files you didn't
mean to export.

Even with "no_subtree_check", the server can still recognize which
filesystem a filehandle belongs to; so you're only in trouble if you
have files you don't want exported on the same partition as files you do
want exported.

See "man exports" for more.

--Bruce Fields
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: William Lee Irwin III: "slab redzoning"
Previous message: Spinka, Kristofer: "RE: Unserializing ioctl() system calls"
In reply to: Andreas Amann: "Re: 2.6.6 breaks kmail (nfs related?)"
Next in thread: Matthias Urlichs: "Re: 2.6.6 breaks kmail (nfs related?)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]