[11] in linux-security and linux-alert archive
Re: NFS deamon can be killed by normal users.
daemon@ATHENA.MIT.EDU (Alan Cox)
Mon Mar 6 12:57:29 1995
From: iialan@iifeak.swan.ac.uk (Alan Cox)
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 6 Mar 1995 09:59:47 +0000 (GMT)
In-Reply-To: <199503041618.RAA00465@cave.et.tudelft.nl> from "R.E.Wolff@et.tudelft.nl" at Mar 4, 95 05:18:35 pm
Reply-To: linux-security@tarsier.cv.nrao.edu
> The nfs deamons can be killed by any user. This is because the
> nfs deamon takes on the userid of the current request. It then
> remains at this userID untill the next request.
Change your nfsd to make use of setfsuid(). I was under the impression
that this was why it was added. setfsuid() allows you to set the effective
uid for file access only.
> might succeed. A true solution would allow the nfsd process to
> indicate to the kernel that although it has the euid of a user, it
> doesn't want to be considered "owned" by that user.
Thats setfsuid()
Alan
