> knfsd is called inode operations directly. Unfortunately its not also
> duplicating the security checking preamble that leads up to them. This
> means we have problems where any NFS client can create device files as
> any user for example.
>
> In paticular it skips the read only file system check, the only root
> can make non fifo devices check and other stuff. Skipping the ROFS check
> could cause pretty serious problems alone.
OK, I'll take a look at what needs to be changed. Basically you're saying
that the security checks in knfsd should parallel those for mknod?
Regards,
Bill
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html