| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200712072005.lB7K5Cre013747@agora.fsl.cs.sunysb.edu>
Date: Fri, 7 Dec 2007 15:05:12 -0500
From: Erez Zadok <ezk@...sunysb.edu>
To: "J. Bruce Fields" <bfields@...ldses.org>
Cc: Erez Zadok <ezk@...sunysb.edu>, linux-kernel@...r.kernel.org,
nfs@...ts.sourceforge.net,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [NFS] NFSv2/3 broken exporting/mounting (permission denied) in 2.6.24-rc4
In message <20071207025504.GA3070@...ldses.org>, "J. Bruce Fields" writes:
> On Thu, Dec 06, 2007 at 09:20:41PM -0500, Erez Zadok wrote:
> > I get a "permission denied" when trying to mount a localhost nfsv2/3
> > exported volume, on v2.6.24-rc4-124-gf194d13. It works w/ nfsv4 mounting.
> > It worked fine in 2.6.24-rc3. Here's a sequence of ops I tried:
> >
> > # mount -t ext2 /dev/hdb1 /n/lower/b0
> > # exportfs -o no_root_squash,rw localhost:/n/lower/b0
> > # mount -t nfs -o nfsvers=3 localhost:/n/lower/b0 /mnt
>
> What do you see if you watch the network traffic in ethereal?
>
> --b.
Bruce, I'm using nfs-utils-1.0.10-14.fc6 on an FC6 system with all latest
FC6 patches. Using git-bisect I was able to find the patch which broke it:
commit 2b1e300a9dfc3196ccddf6f1d74b91b7af55e416
Author: Eric W. Biederman <ebiederm@...ssion.com>
Date: Sun Dec 2 00:33:17 2007 +1100
[NETNS]: Fix /proc/net breakage
Well I clearly goofed when I added the initial network namespace support
for /proc/net. Currently things work but there are odd details visible to
user space, even when we have a single network namespace.
Since we do not cache proc_dir_entry dentries at the moment we can just
modify ->lookup to return a different directory inode depending on the
network namespace of the process looking at /proc/net, replacing the
current technique of using a magic and fragile follow_link method.
To accomplish that this patch:
- introduces a shadow_proc method to allow different dentries to
be returned from proc_lookup.
- Removes the old /proc/net follow_link magic
- Fixes a weakness in our not caching of proc generic dentries.
As shadow_proc uses a task struct to decided which dentry to return we can
go back later and fix the proc generic caching without modifying any code
that uses the shadow_proc method.
Signed-off-by: Eric W. Biederman <ebiederm@...ssion.com>
Cc: "Rafael J. Wysocki" <rjw@...k.pl>
Cc: Pavel Machek <pavel@....cz>
Cc: Pavel Emelyanov <xemul@...nvz.org>
Cc: "David S. Miller" <davem@...emloft.net>
Cc: Ingo Molnar <mingo@...e.hu>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
Signed-off-by: Herbert Xu <herbert@...dor.apana.org.au>
With the above patch, rpc.mountd is unable to open /proc/fs/nfsd/filehandle.
Strace shows:
open("/proc/fs/nfsd/filehandle", O_RDWR|O_LARGEFILE) = -1 ENOENT (No such file or directory)
Without the above patch, /proc/fs/nfsd is populated with a number of files,
including "filehandle".
Erez.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists