tags 491791 fixed-upstream
thanks
Hello Brian
Thanks for your report.
On Mon, Jul 21, 2008 at 11:37 PM, brian m. carlson
<[EMAIL PROTECTED]> wrote:
> Package: manpages-dev
> Version: 3.03-1
> Severity: normal
>
> In recent versions of manpages-dev, the warning about O_EXCL and NFS
> reads in part:
>
> O_EXCL is not supported on NFSv2 or on Linux before kernel 2.6; it is
> supported on Linux 2.6 and later, with NFSv3 or later.
>
> This is false. Linux 2.4.31 does support O_EXCL [0], correctly, it
> appears. The same code appears to be present in Linux 2.4.0.
> Additionally, I cannot honestly believe that something as important as
> O_EXCL (which is required for avoiding root security holes) doesn't
> actually work at all with 2.4 kernels[1]. It may not work in conjunction
> with NFS; that's fine, and that should be documented. But the text
> should not lead people to believe that O_EXCL only works with Linux 2.6,
> when in fact that's not the case.
Yes, the text is a little poorly worded. The intent of that paragraph
was to discuss O_EXCL solely as it relates to NFS, but as you have
pointed out, there is some ambiguity in the way it can be read.
For upstream man-pages-3.05 I've changed the first sentence of the
paragraph to be the simpler:
O_EXCL is only supported on NFS when using NFSv3 or
later on kernel 2.6 or later.
Does that work for you?
> It might be useful to also explain whether NFS O_EXCL is broken with
> regard to symlink attacks, as well as locking.
This is a logically separate question; could you please file it in
another bug report. (Filing logically separate bugs in the same
report makes it difficult to close a report until both bugs are
addressed.)
Thanks,
Michael
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
