On Wed, Aug 15, 2001 at 10:30:46AM -0500, Steve Lord wrote:
> Andrew had the approach of setting the umask of the nfsd process to 0 at
> startup, there was some other reason for this not being popular.
He did it for init_task, which disturbed all other kernel threads too
and opened tons of security holes.
The right way IMHO is to give nfsd an own fs_struct and set umask there,
as in this patch.
-Andi
--- linux-xfs/fs/nfsd/nfssvc.c-NFSUMASK Wed Jun 20 13:08:49 2001
+++ linux-xfs/fs/nfsd/nfssvc.c Wed Aug 15 19:32:11 2001
@@ -136,6 +136,18 @@
}
}
+int fork_fsstruct(void)
+{
+ struct fs_struct *oldfs = current->fs, *newfs;
+ newfs = copy_fs_struct(oldfs);
+ if (newfs) {
+ current->fs = newfs;
+ put_fs_struct(oldfs);
+ return 0;
+ }
+ return -1;
+}
+
/*
* This is the NFS server kernel thread
*/
@@ -150,6 +162,8 @@
MOD_INC_USE_COUNT;
lock_kernel();
daemonize();
+ if (!fork_fsstruct())
+ current->fs->umask = 0;
sprintf(current->comm, "nfsd");
current->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
--- linux-xfs/kernel/ksyms.c-NFSUMASK Tue Aug 14 02:10:34 2001
+++ linux-xfs/kernel/ksyms.c Wed Aug 15 19:34:36 2001
@@ -298,6 +298,8 @@
EXPORT_SYMBOL(buffermem_pages);
EXPORT_SYMBOL(nr_free_pages);
EXPORT_SYMBOL(page_cache_size);
+EXPORT_SYMBOL(copy_fs_struct);
+EXPORT_SYMBOL(put_fs_struct);
/* for stackable file systems (lofs, wrapfs, cryptfs, etc.) */
EXPORT_SYMBOL(default_llseek);
|