2012/12/12 David Laight <david@xxxxxxxxx>: > On Sat, Dec 08, 2012 at 12:43:14AM +0400, Pavel Shilovsky wrote: >> >> The problem is the possibility of denial-of-service attacks here. We >> can try to prevent them by: > > FWIW I already see a DoS 'attack'. > I have some filestore shared using NFS (to Linux and Solaris) and > using samba (to Windows). > > I use it for release builds of a product to ensure the versions > built for the different operating systems match, and because some > files have to be built on an 'alien' system (eg gcc targetted at > embedded card). > > I can't run the windows build at the same time as the others > because the windows C compiler manages to obtain exclusive access > to the source files - stopping the other systems from reading them. We can make this feature (passing O_DENY* flags received from clients to filesystem) can be turned on/off on Samba/NFS server to let this particular use case work. In general, I think we really need to be sure that nobody has a read access for files that a Windows process opened with O_DENYREAD (because there can be important reasons for the Windows process to do so). -- Best regards, Pavel Shilovsky. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
