Hey all - Nick and I are digging through the permissions checking in various state machines and we're a little confused about something. It seems that both the truncate and io state machines do not check permissions unless root squashing has been performed. If it hasn't, the checks in-place now simply allow access.
Is there any checking going on somewhere we aren't finding it? Both state machines use the PINT_SERVER_CHECK_NONE value in the server request parameters structure which seems to bypass all permissions checking entirely except for the root squashing case. Right now the client-side calls do a getattr before doing any io and thus get denied access if privileges don't match. It seems like it'd be fairly easy to write a program that could directly send io requests with any file handle to grab or overwrite data. Is this something that just got overlooked or is there some kind of check in place to prevent this? Thanks! - Dave _______________________________________________ Pvfs2-developers mailing list [email protected] http://www.beowulf-underground.org/mailman/listinfo/pvfs2-developers
