On Nov 2, 2009, at 2:38 PM, "Paul B. Henson" <hen...@acm.org> wrote:

On Sat, 31 Oct 2009, Al Hopper wrote:

Kudos to you - nice technical analysis and presentation. Keep lobbying your point of view - I think interoperability should win out if it comes
down to an arbitrary decision.

Thanks; but so far that doesn't look promising. Right now I've got a cron job running every hour on the backend servers crawling around and fixing
permissions on new directories :(.

You would have thought something like this would have been noticed in one
of the NFS interoperability bake offs.

Paul,

Maybe you're approaching this the wrong way.

Maybe this isn't an interoperability fix, but a security fix as it allows non-Sun clients to bypass security restrictions placed on a sgid protected directory tree because it doesn't properly test the existence of that bit upon file creation.

If an appropriate scenario can be made, and I'm sure it can, one might even post a CERT advisory to make sure operators are made aware of this potential security problem.

-Ross


_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
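
Added example, not part of the original thread and not code from any poster: a report-only audit, in Python, of the drift the hourly cron job above is cleaning up, so an operator can see which entries under an sgid-protected tree escaped the directory's restrictions. It assumes the usual setgid-directory semantics (new entries take the parent's group, new subdirectories carry the setgid bit); the function names `inheritance_problems` and `audit_tree` are hypothetical.

```python
import os
import stat
import sys


def inheritance_problems(parent_mode, parent_gid, child_mode, child_gid):
    """Return the ways a child entry departs from setgid-directory inheritance."""
    problems = []
    # Only a directory with the setgid bit imposes inheritance on its children.
    if not (stat.S_ISDIR(parent_mode) and parent_mode & stat.S_ISGID):
        return problems
    if child_gid != parent_gid:
        problems.append("group not inherited")
    if stat.S_ISDIR(child_mode) and not child_mode & stat.S_ISGID:
        problems.append("setgid bit not propagated")
    return problems


def audit_tree(root):
    """Walk root without following symlinks; return sorted (path, reason) pairs."""
    findings = []
    stack = [(root, os.lstat(root))]
    while stack:
        parent, parent_st = stack.pop()
        with os.scandir(parent) as entries:
            for entry in entries:
                child_st = entry.stat(follow_symlinks=False)
                if stat.S_ISLNK(child_st.st_mode):
                    continue  # symlink ownership is not what the tree protects
                for reason in inheritance_problems(
                        parent_st.st_mode, parent_st.st_gid,
                        child_st.st_mode, child_st.st_gid):
                    findings.append((entry.path, reason))
                if stat.S_ISDIR(child_st.st_mode):
                    stack.append((entry.path, child_st))
    return sorted(findings)


if __name__ == "__main__" and len(sys.argv) == 2:
    # Report only: nothing is changed on disk.
    for path, reason in audit_tree(sys.argv[1]):
        print(f"{path}: {reason}")
```

Run against the exported filesystem on the server itself, the output shows how many entries were created without the expected group or setgid bit between repair passes.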
