COMMAND

    open()

SYSTEMS AFFECTED

    IRIX 6.2 (others?)

PROBLEM

    Mike Kienenberger found following on open() calls.  Basically,  if
    you have SGI NFS clients mounting filesystems from SGI NFS servers
    with "root-as-nobody" access (access= entry, but no root=  entry),
    you can open() any  regular file from the  NFS client.  You  can't
    read it, but you can open it.   Once you've opened it, this  tends
    to corrupt the  kernel file tables.    Often this  results in  the
    following possibilities:

        - Root on the client can now read the file.
        - No one else can access the file.

    This  continues  until  the  machine  is  rebooted, thus it's most
    likely only a problem in the SGI NFS client side of the software.

SOLUTION

    SGI did finally create Bug  #465954, but it's unlikely that  it'll
    be fixed anytime soon. SGI's only response has been the following:

        "The  only  workaround  at  this  time  for  Bug #465954 is to
        specify  the  root=  option  in  /etc/exports. One of our lead
        engineer  has  stated  in  the  bug  report that this does not
        cause a  security problem,  so it  should be  safe for  you to
        implement."

    The  only   useful  workaround   is   to   make  sure   that   any
    non-"root-as-nobody"-readable  files  are  located  in directories
    that  are  also  not  accessible  by "root-as-nobody" so that this
    condition never pops up.