(Illustration by Gaich Muramatsu)
(Illustration by Gaich Muramatsu)
Your project is to arrange that Coda respects mode bits in addition to ACL's. In this way, an individual file in a directory can be protected against being overwritten. Also I'd like you to investigate to what extent chown and chmod currently work and what the desirable extensions would be. For example, installing suid programs is important. Also we would like a chown to work quite generally (but probably remove any suid bit to avoid security leaks). Satya's paper has some background on this. The complicating issue here is that you are NOT implementing Unix semantics: - Unix semantics would also deny a chmod operation on the file if its "w" bit was not set. This we want to leave under control by the ACL and not in the mode bit. - Coda will ignore anything but: a) the "w" bit for owner of regular files b) the "x" bit of regular files c) the suid bit of regular files d) it could/should respect the sgid bit (it may do this automatically) on directories Task one for you is to understand the detailed functioning of these mode bits, and to get Satya's paper on security from Bradley. A) in the kernel code for Coda (do it for version 2.1): you should probably NOT modify coda_access since in that way you would block chmods. Instead you should put a check for the "w" bit in the coda_write call. You should NOT modify open since then fchmod would start to fail. B) Venus does not see writes, but it should refuse to store a new copy of a file if the "w" bit is not set. Probably it is best to intercept this issue in coda-src/venus/vproc_vfscalls.cc vproc::close You should NOT modify vproc::open since then fchmod would start to fail. C) The server should refuse to server a "STORE" rpc unless the "w" bit is set. This is done in coda-src/vice/srvproc.cc in the routine CheckStoreSemantics. Then analyse the "x" bit in a similar way (this is entirely kernel based I think, since the server never sees "x" and Venus just sees the open. When this works we'll look a bit a suid programs and chown (read Satya's paper, it talks about this). Could you let me know if you are using sparc or intel -- I forgot to take that down. - Peter -Received on 1998-02-09 12:22:57