From owner-freebsd-bugs Mon Oct 21 6:10:15 2002
Message-Id: <200210211303.g9LD3Wrg048753@www.freebsd.org>
Date: Mon, 21 Oct 2002 06:03:32 -0700 (PDT)
From: Michael van Elst
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: kern/44336: NFSv3 client broken - security problem with attribute caching
Sender: owner-freebsd-bugs@FreeBSD.ORG

>Number: 44336
>Category: kern
>Synopsis: NFSv3 client broken - security problem with attribute caching
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Oct 21 06:10:10 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Michael van Elst
>Release: FreeBSD 4.7-STABLE / FreeBSD 5.0-CURRENT
>Organization:
Cable&Wireless
>Environment:
FreeBSD dt1.dev.de.cw.net 4.7-STABLE FreeBSD 4.7-STABLE #0: Thu Oct 10 18:20:04 CEST 2002 root@dt1.dev.de.cw.net:/usr/src/sys/compile/DT1 i386

FreeBSD dv2.dev.de.cw.net 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Tue Sep 17 17:25:48 CEST 2002 root@dv2.dev.de.cw.net:/usr/src/sys/i386/compile/DV2 i386
>Description:
Effect of chmod(1) is deferred on NFSv3 mounts.
>How-To-Repeat:
Mount a directory on a NFSv3 server (tested against a NetApp filer and
a FreeBSD-4.6-STABLE server) and change to that directory.

  % touch foo
  % chmod 644 foo ; echo >> foo
  % chmod 0 foo ; echo >> foo
  % chmod 0 foo ; echo >> foo
  foo: Permission denied.
  % chmod 644 foo ; echo >> foo
  % chmod 0 foo ; sleep 2 ; echo >> foo
  foo: Permission denied

Apparently it takes up to two seconds before the chmod becomes effective.

Most probable reason: the NFS client uses cached attributes that are
not invalidated by chmod(1).

Repeating the same with a NFSv2 mount does not exhibit the problem.
Repeating the same on NetBSD1.6 and Solaris9 does not exhibit the problem.
>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:
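
A regression check for the behaviour reported above, as an added example that is not part of the original PR: it repeats the create / chmod 0 / append sequence in a given directory and measures how long the append keeps succeeding after the chmod. The function name, the probe file name and the 10 ms polling interval are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Added example. Returns the milliseconds for which open-for-append kept
 * succeeding after chmod(path, 0): 0 = enforced at once, max_ms = never
 * enforced in the window, -1 = probe error, -2 = run as root (bypasses modes). */
long chmod_enforcement_delay_ms(const char *dir, long max_ms)
{
    char path[1024];
    struct timespec t0, now, nap = { 0, 10 * 1000 * 1000 }; /* assumed 10 ms poll */
    long waited = 0;
    int fd, err;

    if (geteuid() == 0) return -2;
    /* Hypothetical probe file; mirrors "touch foo; chmod 644 foo; echo >> foo". */
    snprintf(path, sizeof path, "%s/chmodprobe.%ld", dir, (long)getpid());
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_APPEND, 0644);
    if (fd < 0) return -1;
    err = (write(fd, "\n", 1) != 1);
    close(fd);
    if (err || chmod(path, 0) != 0) {
        unlink(path);
        return -1;
    }
    clock_gettime(CLOCK_MONOTONIC, &t0);
    while (waited < max_ms) {
        fd = open(path, O_WRONLY | O_APPEND);   /* "echo >> foo" after chmod 0 */
        if (fd < 0) {
            err = (errno != EACCES);            /* only EACCES means "enforced" */
            break;
        }
        close(fd);
        nanosleep(&nap, NULL);
        clock_gettime(CLOCK_MONOTONIC, &now);
        waited = (now.tv_sec - t0.tv_sec) * 1000L + (now.tv_nsec - t0.tv_nsec) / 1000000L;
    }
    unlink(path);
    return err ? -1 : (waited < max_ms ? waited : max_ms);
}

int main(int argc, char **argv)
{
    printf("%ld\n", chmod_enforcement_delay_ms(argc > 1 ? argv[1] : ".", 5000));
    return 0;
}
```

Run it as an unprivileged user with a directory on the mount under test as the argument; a result of 0 means the mode change was enforced on the first attempt, while a positive value is the length of the window in which the file was still writable.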