On Fri, Jul 02, 2004 at 04:58:02PM +0100, Jon Peatfield wrote:
> None of the "obvious" tests I carried out with the existing nfs server
> code allowed me to chgrp a file I didn't own, so I'm not exactly sure
> under what circumstances the is actually exploitable anyway (maybe it
> needs root-squash turning off or something, in which case it would
> only affect hosts you nfs export (rw) to which are untrustworthy).

I would be most interested in the precise nature of this vulnerability,
which I've not been able to find explained anywhere. I'm about to roll
out 35.7, but if I can find evidence that the chown bug really does
affect our particular setup I'll have to rethink.

As Jon says, the obvious tests fail with "Operation not permitted"
(including when exported no_root_squash). The question is, is the
vulnerability relevant when root@ all the NFS clients is trusted?

I'd be interested if anyone has any insight.

Cheers,
Dominic.

--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list