Date: Thu, 4 Nov 1999 12:42:38 -0500 (EST)
From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/14709: umountall requests possibly mishandled by mountd(8)
Message-ID: <199911041742.MAA20940@cc942873-a.ewndsr1.nj.home.com>

>Number: 14709
>Category: bin
>Synopsis: umountall requests possibly mishandled by mountd(8)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 4 09:50:00 PST 1999
>Closed-Date:
>Last-Modified:
>Originator: Crist J. Clark
>Release: FreeBSD 3.3-STABLE i386
>Organization:
>Environment:

FreeBSD 3.x system with mountd(8) running.

>Description:

Several users have reported (search the -questions mail archive on the
string 'umountall' for a sample) strange messages of the form,

    mountd[<pid>]: umountall request from <IP> from unprivileged port

Where <IP> is an IP address of the host (not the loopback, however)
appearing in their messages log. No events taking place on the server in
question seem to correlate with the messages. I have been able to build a
very strong correlation between the messages and other computers on the
local network being shut down (see the mail archives,
http://www.freebsd.org/cgi/getmsg.cgi?fetch=1737357+1744288+/usr/local/www/db/text/1999/freebsd-questions/19991017.freebsd-questions
for some examples from my personal logs). I believe that when machines
broadcast their impending shutdown to the network, the mountd(8) process
produces these messages.

The messages worry me for two reasons,

(1) The server is reporting a request from _itself_ rather than the
    machine in question. This means that the server is either spoofing
    itself (very bad) or is trying to talk to itself on an unprivileged
    port and failing (why would it do that?).

(2) The machine that generates the umountall need not actually have
    mounted a filesystem from the server. In fact, in the example I
    referenced above, only one of the machines that caused a message by
    going down actually had mounted anything from the server. This
    _seems_ to say that any machine on the LAN, regardless of permissions
    to mount, could possibly exploit any problems that this message may
    be hinting at.

>How-To-Repeat:

From my experience and a quick look over other emails on this topic, all
you need is a FreeBSD 3.x machine running mountd(8), then bring another
machine on the network down (there may be ways to generate the error by
doing something less extreme than shutting down a second machine, but
this is when I observe the messages without fail).

>Fix:

Origin of problem not yet understood.

>Release-Note:
>Audit-Trail:
>Unformatted:
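
Added example, not part of the original report and not FreeBSD code: a small log triage script that pulls the umountall messages quoted above out of a messages log, counts them per logged source address, and returns the timestamps of those whose source is one of the server's own addresses, so they can be compared against the shutdown times of other machines on the LAN. The syslog prefix layout, the host name, the PIDs and all addresses in the sample are constructed assumptions.

```python
import re
from collections import Counter

# Message text as quoted in the report. The leading "Mon DD HH:MM:SS host"
# prefix is the usual BSD syslog layout and is an assumption of this example.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ mountd\[(?P<pid>\d+)\]: "
    r"umountall request from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) "
    r"from unprivileged port"
)

def triage(log_lines, server_addrs):
    """Return (per-source counts, [(timestamp, src)] for self-sourced messages).

    server_addrs is the set of the server's own non-loopback addresses;
    a message logged with one of them is the anomaly the report describes.
    """
    per_source = Counter()
    self_sourced = []
    for line in log_lines:
        m = LINE.match(line)
        if not m:
            continue  # unrelated log line
        src = m.group("src")
        per_source[src] += 1
        if src in server_addrs:
            self_sourced.append((m.group("ts"), src))
    return per_source, self_sourced

# Constructed sample log (not taken from the report).
SAMPLE_LOG = """\
Nov  4 09:12:01 nfs1 mountd[142]: umountall request from 192.168.1.10 from unprivileged port
Nov  4 09:12:03 nfs1 sshd[311]: Connection from 192.168.1.23 port 1022
Nov  4 11:47:55 nfs1 mountd[142]: umountall request from 192.168.1.10 from unprivileged port
Nov  4 11:50:02 nfs1 mountd[142]: umountall request from 192.168.1.23 from unprivileged port
""".splitlines()

SERVER_ADDRS = {"192.168.1.10"}  # hypothetical address of the server itself

if __name__ == "__main__":
    counts, own = triage(SAMPLE_LOG, SERVER_ADDRS)
    for src, n in counts.most_common():
        tag = "server's own address" if src in SERVER_ADDRS else "other host"
        print(f"{src}: {n} message(s) ({tag})")
    for ts, src in own:
        print(f"compare with LAN shutdown times: {ts} (logged source {src})")
```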