dana@tread.wpd.sgi.com (Dana Treadwell) (05/08/91)
No kidding:
Sun introduced a bug in their SunOS 4.1 NFS server code (that is still present
in 4.1.1) which allows *any* client to change a file's size, with or without
permission to do so. This opens the door to file corruption/data loss on the
server. For instance, for some non-Sun NFS clients, if a user running as root
on the client tries to write to a file for which (s)he doesn't have write
permission, the file will be truncated to 0 bytes on the Sun server.
If you have an IRIS NFS client using a Sun running 4.1(.1) as an NFS server,
I strongly advise you to contact Sun for their patch. The bug is in Sun's
database as #1045536 and/or #1058798. In the meantime, you might want to
export all filesystems 'ro' on your Sun(s).
Dana
dana@sgi.com