lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 7 Dec 2007 15:00:13 -0500 From: Erez Zadok <ezk@...sunysb.edu> To: "J. Bruce Fields" <bfields@...ldses.org> Cc: Erez Zadok <ezk@...sunysb.edu>, linux-kernel@...r.kernel.org, nfs@...ts.sourceforge.net, "Eric W. Biederman" <ebiederm@...ssion.com>, "Rafael J. Wysocki" <rjw@...k.pl>, Pavel Machek <pavel@....cz>, Pavel Emelyanov <xemul@...nvz.org>, "David S. Miller" <davem@...emloft.net>, Ingo Molnar <mingo@...e.hu>, Andrew Morton <akpm@...ux-foundation.org>, Herbert Xu <herbert@...dor.apana.org.au> Subject: Re: [NFS] NFSv2/3 broken exporting/mounting (permission denied) in 2.6.24-rc4 In message <20071207025504.GA3070@...ldses.org>, "J. Bruce Fields" writes: > On Thu, Dec 06, 2007 at 09:20:41PM -0500, Erez Zadok wrote: > > I get a "permission denied" when trying to mount a localhost nfsv2/3 > > exported volume, on v2.6.24-rc4-124-gf194d13. It works w/ nfsv4 mounting. > > It worked fine in 2.6.24-rc3. Here's a sequence of ops I tried: > > > > # mount -t ext2 /dev/hdb1 /n/lower/b0 > > # exportfs -o no_root_squash,rw localhost:/n/lower/b0 > > # mount -t nfs -o nfsvers=3 localhost:/n/lower/b0 /mnt > > What do you see if you watch the network traffic in ethereal? > > --b. Bruce, I'm using nfs-utils-1.0.10-14.fc6 on an FC6 system with all latest FC6 patches. Using git-bisect I was able to find the patch which broke it: commit 2b1e300a9dfc3196ccddf6f1d74b91b7af55e416 Author: Eric W. Biederman <ebiederm@...ssion.com> Date: Sun Dec 2 00:33:17 2007 +1100 [NETNS]: Fix /proc/net breakage Well I clearly goofed when I added the initial network namespace support for /proc/net. Currently things work but there are odd details visible to user space, even when we have a single network namespace. Since we do not cache proc_dir_entry dentries at the moment we can just modify ->lookup to return a different directory inode depending on the network namespace of the process looking at /proc/net, replacing the current technique of using a magic and fragile follow_link method. To accomplish that this patch: - introduces a shadow_proc method to allow different dentries to be returned from proc_lookup. - Removes the old /proc/net follow_link magic - Fixes a weakness in our not caching of proc generic dentries. As shadow_proc uses a task struct to decided which dentry to return we can go back later and fix the proc generic caching without modifying any code that uses the shadow_proc method. Signed-off-by: Eric W. Biederman <ebiederm@...ssion.com> Cc: "Rafael J. Wysocki" <rjw@...k.pl> Cc: Pavel Machek <pavel@....cz> Cc: Pavel Emelyanov <xemul@...nvz.org> Cc: "David S. Miller" <davem@...emloft.net> Cc: Ingo Molnar <mingo@...e.hu> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org> Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au> With the above patch, rpc.mountd is unable to open /proc/fs/nfsd/filehandle. Strace shows: open("/proc/fs/nfsd/filehandle", O_RDWR|O_LARGEFILE) = -1 ENOENT (No such file or directory) Without the above patch, /proc/fs/nfsd is populated with a number of files, including "filehandle". Erez. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists