Subject: Re: NFS access, was UBC...
To: Thor Lancelot Simon <firstname.lastname@example.org>
From: Frank van der Linden <email@example.com>
Date: 12/08/2003 18:28:14
On Mon, Dec 08, 2003 at 12:02:07PM -0500, Thor Lancelot Simon wrote:
> The one gotcha is that when using a gross hack like we do
> for AUTH_UNIX, one needs to be careful not to allow _more_ rights than
> were allowed at open() time, lest one create a security problem that can
> be exploited by opening a file the owner doesn't have write permission
> to, for example, then using that descriptor to write it after the open.
The checks for that are all in the layers above, so that isn't a problem.
Frank van der Linden firstname.lastname@example.org
NetBSD. Free, Unix-like OS. > 45 different platforms. http://www.netbsd.org/