Re: 2.2 -> 2.4 transition questions

From: Trond Myklebust (trond.myklebust@fys.uio.no)
Date: Sat Oct 14 2000 - 08:05:25 EST

Next message: Ingo Rohloff: "Re: A patch to loop.c for better cryption support"
Previous message: Ingo Rohloff: "Re: A patch to loop.c for better cryption support"
Next in thread: Andries.Brouwer@cwi.nl: "Re: 2.2 -> 2.4 transition questions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>>>>> " " == Andries Brouwer <aeb@veritas.com> writes:

>> o util-linux 2.10o # kbdrate -v

<snip>
> If anything is wrong, bug reports and patches are welcome.

Hi Andries,

Nothing wrong/buggy to report, but could you please apply the
following patch in order to support the 'broken_suid' NFS mount
option. The latter enables a backward-compatibility feature.

To summarize the feature:

The old NFS had a feature whereby if a setuid process failed due to
EACCES or EPERM, the RPC engine would drop the privileged credentials,
and retry using the uid/gid (instead of fsuid/fsgid).
Of course, this sort of thing may be a security problem, so in 2.4.x
(and in 2.2.18pre) it has been disabled by default. Unfortunately some
broken programs rely on this silliness instead of bothering to
dropping privileges themselves (the setuid version of xterm trying to
read ~/.Xauthority being one of the more prominent offenders); hence
the decision to make a new mount option...

Cheers,
Trond

diff -u --recursive --new-file mount-2.9u.orig/nfs_mount4.h mount-2.9u/nfs_mount4.h
--- util-linux-2.10m.orig/mount/nfs_mount4.h Tue Sep 5 14:24:42 2000
+++ util-linux-2.10m/mount/nfs_mount4.h Tue Sep 5 14:27:55 2000
@@ -67,5 +67,6 @@
#define NFS_MOUNT_VER3 0x0080 /* 3 */
#define NFS_MOUNT_KERBEROS 0x0100 /* 3 */
#define NFS_MOUNT_NONLM 0x0200 /* 3 */
+#define NFS_MOUNT_BROKEN_SUID 0x0400 /* 4 */

#endif
diff -u --recursive --new-file mount-2.9u.orig/nfsmount.c mount-2.9u/nfsmount.c
--- util-linux-2.10m.orig/mount/nfsmount.c Tue Sep 5 14:24:42 2000
+++ util-linux-2.10m/mount/nfsmount.c Tue Sep 5 14:36:13 2000
@@ -217,6 +217,7 @@
         int nocto;
         int noac;
         int nolock;
+ int broken_suid;
         int retry;
         int tcp;
         int mountprog;
@@ -313,6 +314,7 @@
         posix = 0;
         nocto = 0;
         nolock = 0;
+ broken_suid = 0;
         noac = 0;
         retry = 10000; /* 10000 minutes ~ 1 week */
         tcp = 0;
@@ -423,6 +425,8 @@
                                         nolock = !val;
                                 else
                                         printf(_("Warning: option nolock is not supported.\n"));
+ } else if (!strcmp(opt, "broken_suid")) {
+ broken_suid = val;
                         } else {
                                 if (!sloppy) {
                                         printf(_("unknown nfs mount option: "
@@ -446,6 +450,10 @@
#if NFS_MOUNT_VERSION >= 3
         if (nfs_mount_version >= 3)
                 data.flags |= (nolock ? NFS_MOUNT_NONLM : 0);
+#endif
+#if NFS_MOUNT_VERSION >= 4
+ if (nfs_mount_version >= 4)
+ data.flags |= (broken_suid ? NFS_MOUNT_BROKEN_SUID : 0);
#endif
         if (nfsvers > MAX_NFSPROT) {
                 fprintf(stderr, "NFSv%d not supported!\n", nfsvers);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Rohloff: "Re: A patch to loop.c for better cryption support"
Previous message: Ingo Rohloff: "Re: A patch to loop.c for better cryption support"
Next in thread: Andries.Brouwer@cwi.nl: "Re: 2.2 -> 2.4 transition questions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Oct 15 2000 - 21:00:27 EST