summaryrefslogtreecommitdiff
path: root/fs/dcache.c
diff options
context:
space:
mode:
authorJ. Bruce Fields <bfields@redhat.com>2018-03-08 15:49:48 -0500
committerJ. Bruce Fields <bfields@redhat.com>2018-03-19 16:38:13 -0400
commit9d7ed1355db5b00b9f9f4c333fc2b1825b0db25a (patch)
treeff35a096277cf5d588557676787387b3b69c5891 /fs/dcache.c
parentedcc8452a05ffd2d2c8574905660c9c2572af075 (diff)
nfsd: don't require low ports for gss requests
In a traditional NFS deployment using auth_unix, the clients are trusted to correctly report the credentials of their logged-in users. The server assumes that only root on client machines is allowed to send requests from low-numbered ports, so it can use the originating port number to distinguish "real" NFS clients from NFS clients run by ordinary users, to prevent ordinary users from spoofing credentials. The originating port number on a gss-authenticated request is less important. The authentication ties the request to a user, and we take it as proof that that user authorized the request. The low port number check no longer adds much. So, don't enforce low port numbers in the auth_gss case. Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Diffstat (limited to 'fs/dcache.c')
0 files changed, 0 insertions, 0 deletions