[PROPOSAL] extend UNIX_INFO2 to flag extended access controls (take 2)
Steve French
smfrench at austin.rr.com
Fri Jan 25 20:50:28 GMT 2008
David Collier-Brown wrote:
> James Peach wrote:
>
>> On Jan 25, 2008, at 10:09 AM, simo wrote:
>
>
>>> Wouldn't it make sense to use an "access" call implemented by CIFS
>>> server instead ?
>>
>>
>>
>> In the long run, we ought to have an access call as well. That's
>> just not something I have a detailed proposal for yet.
>
>
> the Unix folks rejected it as overly racy, and defined (f)open
The user space access() system call can be racy, so it seems odd to use
it. Fortunately the man page notes this:
"*access*() may not work correctly on NFS file systems with UID mapping
enabled, because UID mapping is done on the server and hidden from the
client, which checks permissions. Using *access*() to check if a user
is authorized to e.g. open a file before actually doing so using
*open*(2) <http://linux.die.net/man/2/open> creates a security hole, because
the user might exploit the short time interval between checking and
opening the file to manipulate it."
The kernel call, which for Linux is called "permission" (which for most
file systems calls the generic_permission function), is on line 172 and
following of fs/namei.c and is interesting to examine for the case of a
network file system.
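
The check-then-open pattern that the quoted man page text warns about, next to a form that decides on the open descriptor instead. This is an added example, not part of the original message and not Samba or kernel code. The function names and the temp-directory fixture are constructed for illustration, and the fixture is deterministic (it does not race anything).

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the man page warns about: the path is resolved twice, and it
 * can name a different object by the time open() runs. */
int open_after_access(const char *path)
{
    if (access(path, R_OK) != 0)      /* check: first path lookup */
        return -1;
    return open(path, O_RDONLY);      /* use: second, independent lookup */
}

/* Hardened form: open() itself is the permission check; every later
 * decision uses the descriptor, which stays bound to one object. */
int open_then_inspect(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;            /* EACCES, ELOOP (symlink), ENOENT... */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Constructed fixture: a regular file plus a symlink to it in a fresh
 * temp directory. Result bits: 1 = hardened form opens the file,
 * 2 = hardened form refuses the symlink, 4 = access()+open() follows it. */
int demo(void)
{
    char dir[] = "/tmp/toctou-XXXXXX", file[64], lnk[64];
    int fd, bits = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/data", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    if ((fd = open(file, O_CREAT | O_WRONLY, 0600)) < 0) return -1;
    close(fd);
    if (symlink(file, lnk) != 0) return -1;
    if ((fd = open_then_inspect(file)) >= 0) { bits |= 1; close(fd); }
    if ((fd = open_then_inspect(lnk)) < 0) bits |= 2; else close(fd);
    if ((fd = open_after_access(lnk)) >= 0) { bits |= 4; close(fd); }
    unlink(lnk); unlink(file); rmdir(dir);
    return bits;
}

int main(void) { printf("result bits: %d\n", demo()); return 0; }
```

Note that access() checks against the real UID while open() checks against the effective UID, so the two calls are not interchangeable in a set-user-ID program.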