[LWN Logo]

Date:	Mon, 31 Aug 98 17:18 BST
From:	alan@lxorguk.ukuu.org.uk (Alan Cox)
To:	linux-kernel@vger.rutgers.edu
Subject: Security Problems; knfsd


knfsd is called inode operations directly. Unfortunately its not also
duplicating the security checking preamble that leads up to them. This
means we have problems where any NFS client can create device files as
any user for example.

In paticular it skips the read only file system check, the only root
can make non fifo devices check and other stuff. Skipping the ROFS check
could cause pretty serious problems alone.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html