Date: Fri, 22 Sep 2006 14:28:04 +0200
From: Jilles Tjoelker
To: Rink Springer
Cc: arch@FreeBSD.org, roel@qsp.nl
Subject: Re: NFS+SUIDDIR problem
Message-ID: <20060922122804.GA2871@stack.nl>
In-Reply-To: <20060922103110.GA4266@rink.nu>
List-Id: Discussion related to FreeBSD architecture

On Fri, Sep 22, 2006 at 12:31:10PM +0200, Rink Springer wrote:
> However, the NFS server code
> nfsserver/nfs_serv.c:nfsrv_access_withgiant() will check whether the
> vnode's attributes match those of the user credentials (cred->cr_uid ==
> vattr.va_uid). As the UFS driver just transformed uid1 to uid2, the
> check above does not hold (as vattr.va_uid == uid2 but cred->cr_uid ==
> uid1), and thus access is incorrectly denied.

Actually, that's not what it does exactly. It first checks if the file
permissions allow the access; then, if they do not, the file owner UID
may get access anyway (to accommodate software that opens a file and
then chmods it in a way that will deny access).

> We've devised a patch which allows any write on a MNT_SUIDDIR mounted
> filesystem, as long as the UID is within a certain range (settable using
> sysctl's).

> However, even though this prevents our problems, is there a better
> solution to this problem (e.g. having the vnode remember that it was
> chowned and checking that field)? Or would it be best to request our
> patch to be committed?

Having the vnode remember that it was chowned will break if the server
reboots or the vnode is removed from memory before the write is done.
The fundamental problem is that NFSv2 and NFSv3 do not have the concept
of an open file.

One (dirty) way would be to add an ACL entry for the creator of a
SUIDDIR file. There is no clean way to get rid of the entry later,
however. Also, this requires enabling ACLs on the filesystem which you
may not want.

-- 
Jilles Tjoelker
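
The check order described in the reply above, as a simplified user-space model. This is an added example, not part of the original message and not FreeBSD's nfs_serv.c; the struct names, function names and uid/gid values are assumptions made for illustration.

```c
/* Simplified user-space model of the check order described above (added
 * example, not FreeBSD's nfs_serv.c). uid/gid values are constructed. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

struct attr { uid_t uid; gid_t gid; mode_t mode; };   /* stands in for vattr */
struct cred { uid_t uid; gid_t gid; };                /* stands in for ucred */

/* Step 1: do the file's mode bits grant write access to this credential? */
static bool mode_allows_write(const struct attr *va, const struct cred *cr)
{
    if (cr->uid == va->uid)
        return (va->mode & 0200) != 0;
    if (cr->gid == va->gid)
        return (va->mode & 0020) != 0;
    return (va->mode & 0002) != 0;
}

/* Step 2: NFSv2/v3 have no open-file state, so the owner is let through
 * even when the mode bits say no (open, then chmod to read-only). */
static bool nfs_write_allowed(const struct attr *va, const struct cred *cr)
{
    return mode_allows_write(va, cr) || cr->uid == va->uid;
}

/* Create a file in directory `dir`; with SUIDDIR semantics the new file is
 * owned by the directory's owner instead of the creating user. */
static struct attr create_in_dir(const struct attr *dir, const struct cred *cr,
                                 mode_t mode, bool suiddir)
{
    struct attr va = { suiddir ? dir->uid : cr->uid, dir->gid, mode };
    return va;
}

int main(void)
{
    struct cred uid1 = { 1001, 1001 };            /* creating NFS client user */
    struct attr dir = { 1002, 1002, 04777 };      /* directory owned by uid2 */
    struct attr plain = create_in_dir(&dir, &uid1, 0444, false);
    struct attr given = create_in_dir(&dir, &uid1, 0644, true);

    printf("no SUIDDIR, mode 0444: %d\n", nfs_write_allowed(&plain, &uid1));
    printf("SUIDDIR,    mode 0644: %d\n", nfs_write_allowed(&given, &uid1));
    return 0;
}
```

In the model, the creator's write fails under SUIDDIR only when the mode bits also deny it; with mode 0666 step 1 already grants access and the owner comparison is never reached.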