On Tue, Sep 14, 2021 at 10:32 AM Vivek Goyal <vgoyal@xxxxxxxxxx> wrote: > open_by_handle_at() requires CAP_DAC_READ_SEARCH. Or some sort of access to the network. If you can send rpc requests to the nfs server that appear to be from someone with access to the export, you can guess filehandles that allow access to objects under that directory. You'll need access to particular objects, but you won't need read or lookup access to the directory. You can prevent that if you set things up right, but these filehandle-issues are poorly understood, and people often forget to take them into account. --b. > And if you have > CAP_DAC_READ_SEARCH, you don't need to even guess file handles. You > should be able to read/search through all directories, IIUC. > > So how does one make sure that shared directory on host is not > accessible to unprivileged entities. If making directory accessible > to root only is weaker security, what are the options for stronger > security.
