2012/12/12 David Laight david@l8s.co.uk:
On Sat, Dec 08, 2012 at 12:43:14AM +0400, Pavel Shilovsky wrote:
The problem is the possibility of denial-of-service attacks here. We can try to prevent them by:
FWIW I already see a DoS 'attack'. I have some filestore shared using NFS (to Linux and Solaris) and using samba (to Windows).
I use it for release builds of a product to ensure the versions built for the different operating systems match, and because some files have to be built on an 'alien' system (eg gcc targetted at embedded card).
I can't run the windows build at the same time as the others because the windows C compiler manages to obtain exclusive access to the source files - stopping the other systems from reading them.
We can make this feature (passing O_DENY* flags received from clients to filesystem) can be turned on/off on Samba/NFS server to let this particular use case work. In general, I think we really need to be sure that nobody has a read access for files that a Windows process opened with O_DENYREAD (because there can be important reasons for the Windows process to do so).