lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Mon, 29 Jan 2018 14:54:14 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Wolfgang Walter <linux@...m.de>
Cc:     stable@...r.kernel.org,
        Ben Hutchings <ben.hutchings@...ethink.co.uk>,
        linux-kernel@...r.kernel.org
Subject: Re: NFS: regression in stable kernel 4.9.78 from 4.9.75

On Mon, Jan 29, 2018 at 02:42:49PM +0100, Wolfgang Walter wrote:
> Hello!
> 
> Am Montag, 29. Januar 2018, 13:22:49 schrieb Wolfgang Walter:
> > Hello,
> > 
> > after upgrading our nfs-server from  4.9.75 to 4.9.78 group permissions stop
> > working (for clients). If you need group permissions to access a file or
> > directory, sometimes access is granted, but rather often denied. Often
> > access to the same object is denied within seconds after access was granted
> > in an earlier access. user permissions work fine.
> > 
> > Downgrading to 4.9.75 fixes the issue.
> > 
> > We use kerberos.
> > 
> > Regards,
> 
> This seems to be fixed in 4.15 with commit 
> 1995266727fa8143897e89b55f5d3c79aa828420:
> 
> 
> commit 1995266727fa8143897e89b55f5d3c79aa828420
> Author: Ben Hutchings <ben.hutchings@...ethink.co.uk>
> Date:   Mon Jan 22 20:11:06 2018 +0000
> 
>     nfsd: auth: Fix gid sorting when rootsquash enabled
>     
>     Commit bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility
>     group_info allocators") appears to break nfsd rootsquash in a pretty
>     major way.
>     
>     It adds a call to groups_sort() inside the loop that copies/squashes
>     gids, which means the valid gids are sorted along with the following
>     garbage.  The net result is that the highest numbered valid gids are
>     replaced with any lower-valued garbage gids, possibly including 0.
>     
>     We should sort only once, after filling in all the gids.
>     
>     Fixes: bdcf0a423ea1 ("kernel: make groups_sort calling a responsibility 
> ...")
>     Signed-off-by: Ben Hutchings <ben.hutchings@...ethink.co.uk>
>     Acked-by: J. Bruce Fields <bfields@...hat.com>
>     Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
> 
> 
> So this should be applied to stables 4.4, 4.9 and 4.14 (and others where 
> bdcf0a423ea1 has been backported to).

Ah, good catch, I missed that this had been merged already.

Now queued up to all relevant stable trees, thanks so much for the
report.

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ