git: nfs: init real/saved uid/gid in server-side credentials

Nicolas Thery nth at crater.dragonflybsd.org
Sun Aug 23 22:01:07 PDT 2009


commit c83849b3cf4ede85c7c7b1b7c90b20cb817b3285
Author: Nicolas Thery <nthery at gmail.com>
Date:   Sun Aug 23 21:04:21 2009 +0200

    nfs: init real/saved uid/gid in server-side credentials
    
    When unmarshalling a request, the server constructs a ucred
    structure (nfsrv_descript.nd_cr) from the credential data in the
    RPC.  It initializes only the effective uid and gid and leaves
    the real and saved uid/gid unitialized.  This effectively sets
    the real/effective ids to root because nd_cr is first
    bzero()'ed.
    
    As a consequence, now that accept(2) checks real uid/gid, all
    accept calls to NFS files incorrectly succeed.
    
    Fix this by initializing the real and saved uid/gid in nd_cr to
    the same values as the real uid/gid (only the real uid/gid are
    RPC'ed to the server).
    
    NOTE: accept(2) and faccessat(2) to NFS files are still broken
    in part because the client sends the effective uid/gid to the
    server.  I'll fix this once I've groked the uid magic in the NFS
    code.

Summary of changes:
 sys/vfs/nfs/nfs_socket.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/c83849b3cf4ede85c7c7b1b7c90b20cb817b3285


-- 
DragonFly BSD source repository





More information about the Commits mailing list