Date: Fri, 22 Sep 2006 14:28:04 +0200 From: Jilles Tjoelker <jilles@stack.nl> To: Rink Springer <rink@FreeBSD.org> Cc: arch@FreeBSD.org, roel@qsp.nl Subject: Re: NFS+SUIDDIR problem Message-ID: <20060922122804.GA2871@stack.nl> In-Reply-To: <20060922103110.GA4266@rink.nu> References: <20060922103110.GA4266@rink.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 22, 2006 at 12:31:10PM +0200, Rink Springer wrote: > However, the NFS server code > nfsserver/nfs_serv.c:nfsrv_access_withgiant() will check whether the > vnode's attributes match those of the user credentials (cred->cr_uid == > vattr.va_uid). As the UFS driver just transformed uid1 to uid2, the > check above does not hold (as vattr.va_uid == uid2 but cred->cr_uid == > uid1), and thus acccess is incorrectly denied. Actually, that's not what it does exactly. It first checks if the file permissions allow the access; then, if they do not, the file owner UID may get access anyway (to accomodate software that opens a file and then chmods it in a way that will deny access). > We've devised a patch which allows any write on a MNT_SUIDDIR mounted > filesystem, as long as the UID is within a certain range (settable using > sysctl's). > However, even though this prevents our problems, is there a better > solution to this problem (eg. having the vnode remember that it was > chowned and checking that field)?. Or would it be best to request our > patch to be commited? Having the vnode remember that it was chowned will break if the server reboots or the vnode is removed from memory before the write is done. The fundamental problem is that NFSv2 and NFSv3 do not have the concept of an open file. One (dirty) way would be to add an ACL entry for the creator of a SUIDDIR file. There is no clean way to get rid of the entry later, however. Also, this requires enabling ACLs on the filesystem which you may not want. -- Jilles Tjoelker
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060922122804.GA2871>