Nested Exports
Jay Plett
jay at silence.princeton.nj.us
Fri Jun 29 10:08:59 AEST 1990
In article <9394 at brazos.Rice.edu>, auspex!guy at uunet.uu.net (Guy Harris) writes:
> Because, even if that restriction didn't exist, you *still* couldn't
> securely export a whole partition to one machine and a restricted piece to
> another, if your intent was to restrict the access of the "another" to the
> rest of the tree. The "another" could walk up the directory tree and get
> out of its restricted piece....
You can do that anyway. I tried running Jan-Simon Pendry's amd (an
automounter) on DS3100s. It managed to exercise some bug in Ultrix where
things like pwd wouldn't work because the kernel didn't recognize the
mount-point while walking up through it. If a server (Sun, Convex,
Whatever) exports a sub-tree of a filesystem, you could have amd mount
this subtree on a DS3100, then do "cd /mount/point" followed by "cd .."
and walk right up into the server's parent of the exported directory.
Cute. Just one of the reasons we found for getting rid of the DS3100s.
Still, if Ultrix can do it, no doubt any other O/S can be coaxed to do it
as well, given kernel sources.
...jay
More information about the Comp.sys.sun
mailing list