From: Sten Spans
To: Colin Percival
Cc: FreeBSD Hackers List, Tom Alsberg, freebsd-stable@freebsd.org
Date: Wed, 24 Aug 2005 17:54:24 +0200 (CEST)
Subject: NFS - MNT_NOEXEC [WAS Re: MNT_NOEXEC on root filesystem with diskless PXE boot?]

On Thu, 31 Mar 2005, Colin Percival wrote:

> Tom Alsberg wrote:
>> Perhaps this should go to -STABLE, I just couldn't be sure.
>
> It will get more attention on freebsd-stable@, so I'm CCing that list.
>
>> We are trying out FreeBSD 5.4-PRERELEASE on diskless clients. I
>> noticed one problem, being that when setting the LD_LIBRARY_PATH
>> (or for that matter, LD_PRELOAD, and LD_LIBMAP_DISABLE) environment
>> variables, nothing will run, as /libexec/ld-elf.so.1 complains:
>>
>> Cannot execute objects on /
>>
>> According to the sources, this was added in 5.4, and will happen
>> if / is mounted noexec.
>
> Yes, that's quite correct -- although I can't imagine how a bug which
> caused / to be labelled as "noexec" managed to avoid causing major
> problems until now.
>
> I don't know anything about NFS, but hopefully someone on -stable
> will be able to work out what's going on from the rest of your
> email (quoted below).
>
> Colin Percival
>
>> In this case, / is mounted by the BTX PXE loader over NFS (from a
>> FreeBSD 5.3 server, right now). "mount" does not show the noexec
>> flag. However, with the attached little C program I verified that
>> statfs really returns this flag (0x00000006).
>>
>> Now, I see that on FreeBSD 5.3 diskless clients this flag is also
>> returned on / - just it happened that nobody looked at it until
>> the change in rtld.c of FreeBSD 5.4:
>>
>>     if (fs.f_flags & MNT_NOEXEC) {
>>         _rtld_error("Cannot execute objects on %s\n", fs.f_mntonname);
>>         close(fd);
>>         return NULL;
>>     }
>>
>> I didn't yet understand (didn't check much) - why does statfs report
>> the MNT_NOEXEC flag on the / filesystem (and only the / filesystem,
>> when it's mounted from NFS by the bootloader - not any other
>> NFS filesystems)? BTW, this happens also with NetApp as the NFS
>> server - just to rule out any possibility of relation here.
>>
>> Ideas appreciated,
>> -- Tom
>>
>> ------------------------------------------------------------------------
>>
>> #include <sys/param.h>   /* must precede sys/mount.h on FreeBSD */
>> #include <sys/mount.h>   /* statfs(), struct statfs, MNT_NOEXEC */
>> #include <stdio.h>
>>
>> int main(int argc, char *argv[])
>> {
>>     if (argc != 2) {
>>         fprintf(stderr, "invalid number of arguments");
>>         return -1;
>>     }
>>
>>     struct statfs stbuf;
>>
>>     if (statfs(argv[1], &stbuf) != 0) {
>>         perror("statfs");
>>         return -1;
>>     }
>>
>>     /* f_flags may be wider than int; cast to match the %X format */
>>     printf("FLAGS: 0x%08X\n", (unsigned int)stbuf.f_flags);
>>     if (stbuf.f_flags & MNT_NOEXEC)
>>         printf("MNT_NOEXEC\n");
>>
>>     return 0;
>> }

I've managed to reproduce this with a simple:

www1# gcc -o noexec noexec.c
www1# umount /buildroot/
www1# mount nfs3:/export/vol1/build/BUILDROOT-WWW /buildroot
www1# ./noexec /buildroot/
exec
www1# umount /buildroot/
www1# mount -o -r=32768 nfs3:/export/vol1/build/BUILDROOT-WWW /buildroot
www1# ./noexec /buildroot/
noexec
www1#

Pretty funky shit this :).

PR: 85268
http://www.freebsd.org/cgi/query-pr.cgi?pr=85268

Anybody care to take a deeper look?

--
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem