Subject: Re: funlink() for fun!
To: Matthias Buelow <mkb@mukappabeta.de>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-kern
Date: 07/15/2003 10:34:25
On Mon, 14 Jul 2003, Matthias Buelow wrote:

> Greg A. Woods writes:
>
> >Of course these calls (including getfh()) are currently restricted to
> >the superuser because they have not had the necessary ACL semantics
> >defined for them.
>
> I don't understand why they're restricted to the superuser -- getfh()
> does return EACCES when it can't access the directory of the specified
> pathname and fhopen() surely checks for permissions on the file
> itself.

Because if you have the file handle, then you can spoof NFS traffic to it,
and spoof your UID to be something that can access the file. Or you can
snoop NFS traffic and get a file handle, then use fhopen() to open
something you don't have path permissions to access. Thus for now you have
to be root, as these calls can circumvent too many security checks. ;-)

Take care,

Bill
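The point in Bill's reply is that an NFS file handle is a bearer token and that the AUTH_SYS (AUTH_UNIX) credential sent alongside it carries whatever uid the sender chooses, with no proof attached. The following program is an added illustration, not code from this thread or from NetBSD: it encodes an ONC RPC v2 CALL for NFSv3 GETATTR with an AUTH_SYS credential, following the XDR layouts in RFC 1057 and RFC 1813, and then parses the uid back out the way a server would. The 32-byte handle SAMPLE_FH and the machine name "client" are constructed values standing in for a handle obtained via getfh() or sniffed off the wire; nothing is sent to a network. (Linux restricts its analogue, open_by_handle_at(), to CAP_DAC_READ_SEARCH for the same reason: a handle skips the per-directory search-permission checks that a path walk would perform.)

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ONC RPC v2 (RFC 1057) and NFSv3 (RFC 1813) constants. */
#define RPC_MSG_CALL      0u
#define RPC_VERSION       2u
#define NFS_PROGRAM       100003u
#define NFS_V3            3u
#define NFSPROC3_GETATTR  1u
#define AUTH_NONE         0u
#define AUTH_SYS          1u    /* a.k.a. AUTH_UNIX */
#define NFS3_FHSIZE       64u   /* maximum nfs_fh3 length */
#define MAX_MACHINENAME   255u

/* Constructed sample handle (made-up bytes). A real one would come from
 * getfh() or a captured NFS reply; it is opaque to the client either way. */
static const uint8_t SAMPLE_FH[32] = {
    0x01, 0x00, 0x07, 0x01, 0x02, 0x00, 0x00, 0x00,
    0x3a, 0x9c, 0x11, 0x04, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x10, 0x27, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00, 0xde, 0xad, 0xbe, 0xef,
};

static uint32_t xdr_pad(uint32_t n) { return (n + 3u) & ~3u; }

/* Big-endian 32-bit XDR unsigned int; returns bytes written. */
static size_t put_u32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
    return 4;
}

static uint32_t get_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  | (uint32_t)p[3];
}

/* XDR variable-length opaque: length word, data, zero padding to 4 bytes. */
static size_t put_opaque(uint8_t *p, const uint8_t *data, uint32_t len) {
    size_t n = put_u32(p, len);
    memcpy(p + n, data, len);
    memset(p + n + len, 0, xdr_pad(len) - len);
    return n + xdr_pad(len);
}

/* Encoded size of the call: header, AUTH_SYS cred, AUTH_NONE verf, fh. */
size_t getattr_call_size(uint32_t hostlen, uint32_t fhlen) {
    return 24 + 8 + (20 + xdr_pad(hostlen)) + 8 + 4 + xdr_pad(fhlen);
}

/* Build the GETATTR call. Returns bytes written, or 0 on bad input. */
size_t build_getattr_call(uint8_t *out, size_t cap, uint32_t xid,
                          const char *machinename, uint32_t uid, uint32_t gid,
                          const uint8_t *fh, uint32_t fhlen)
{
    uint32_t hostlen = (uint32_t)strlen(machinename);
    if (hostlen > MAX_MACHINENAME || fhlen > NFS3_FHSIZE) return 0;
    if (cap < getattr_call_size(hostlen, fhlen)) return 0;

    uint8_t *p = out;
    p += put_u32(p, xid);
    p += put_u32(p, RPC_MSG_CALL);
    p += put_u32(p, RPC_VERSION);
    p += put_u32(p, NFS_PROGRAM);
    p += put_u32(p, NFS_V3);
    p += put_u32(p, NFSPROC3_GETATTR);

    /* Credential: AUTH_SYS. Every field is asserted by the sender; the server
     * has nothing but these bytes to decide whose access rights apply. */
    p += put_u32(p, AUTH_SYS);
    p += put_u32(p, 20 + xdr_pad(hostlen));          /* cred body length */
    p += put_u32(p, 0);                              /* stamp */
    p += put_opaque(p, (const uint8_t *)machinename, hostlen);
    p += put_u32(p, uid);
    p += put_u32(p, gid);
    p += put_u32(p, 0);                              /* no supplementary gids */

    /* Verifier: AUTH_NONE. AUTH_SYS carries no proof of identity at all. */
    p += put_u32(p, AUTH_NONE);
    p += put_u32(p, 0);

    /* GETATTR3args: just the file handle. */
    p += put_opaque(p, fh, fhlen);
    return (size_t)(p - out);
}

/* Recover the claimed uid from an encoded call, as a server would.
 * Returns 1 and stores the uid, or 0 if malformed or not AUTH_SYS. */
int parse_auth_sys_uid(const uint8_t *msg, size_t len, uint32_t *uid_out) {
    if (len < 32) return 0;
    if (get_u32(msg + 4) != RPC_MSG_CALL || get_u32(msg + 24) != AUTH_SYS) return 0;
    uint32_t body_len = get_u32(msg + 28);
    if (body_len < 8 || body_len > len - 32) return 0;
    const uint8_t *cred = msg + 32;
    uint32_t hostlen = get_u32(cred + 4);
    if (hostlen > MAX_MACHINENAME) return 0;
    size_t uid_off = 8 + xdr_pad(hostlen);
    if (uid_off + 4 > body_len) return 0;
    *uid_out = get_u32(cred + uid_off);
    return 1;
}

/* Encode with a chosen uid and parse it back; UINT32_MAX on failure. */
uint32_t roundtrip_uid(uint32_t uid) {
    uint8_t buf[256];
    uint32_t seen;
    size_t n = build_getattr_call(buf, sizeof buf, 1, "client", uid, uid,
                                  SAMPLE_FH, sizeof SAMPLE_FH);
    if (n == 0 || !parse_auth_sys_uid(buf, n, &seen)) return UINT32_MAX;
    return seen;
}

int main(void) {
    uint8_t buf[256];
    size_t n = build_getattr_call(buf, sizeof buf, 0x20030715u, "client",
                                  0 /* claim root */, 0, SAMPLE_FH, sizeof SAMPLE_FH);
    for (size_t i = 0; i < n; i++)
        printf("%02x%s", buf[i], (i % 16 == 15 || i + 1 == n) ? "\n" : " ");
    return n == 0;
}
```

Nothing in the encoded message ties the uid at byte 48 to the process that built it, which is why possession of the handle plus the ability to put packets on the wire is enough, and why the kernel treats getfh()/fhopen() as privileged rather than trusting the ordinary path-permission checks.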