Hi Ian,
I want to debug some automounter problems, but first I need to make
automount debugging easier.
These patches are against
http://kernel.org/pub/linux/daemons/autofs/v4/autofs-4.1.3.tar.bz2 +
+ http://kernel.org/pub/linux/daemons/autofs/v4/.*patch
1.exec.patch:
allow to locate mount et al via $PATH (because I want eventually
to stop hardcoding mount path into automount binary).
2.fg.patch:
add -f --foreground option which prevents automount from daemonizing
(I need it in order to run automount under daemontools).
Improve usage() output.
24.syslog.patch
add -s --stderr option which makes automounter send all log output
to stderr, fix resulting breakage.
Ligntly run tested.
Please comment/apply.
PS: is there a reason why automount does this?
/* include/config.h. Generated by configure. */
#define PATH_MOUNT "/usr/bin/mount"
#define PATH_UMOUNT "/usr/bin/umount"
#define PATH_E2FSCK "/usr/bin/fsck.ext2"
#define PATH_E3FSCK "/usr/bin/fsck.ext3"
We have $PATH for ages...
--
vda
On Thursday 07 October 2004 21:17, [email protected] wrote:
> On Thu, 07 Oct 2004 20:49:17 +0300, Denis Vlasenko said:
>
> > PS: is there a reason why automount does this?
> >
> > /* include/config.h. Generated by configure. */
> > #define PATH_MOUNT "/usr/bin/mount"
> > #define PATH_UMOUNT "/usr/bin/umount"
> > #define PATH_E2FSCK "/usr/bin/fsck.ext2"
> > #define PATH_E3FSCK "/usr/bin/fsck.ext3"
> >
> > We have $PATH for ages...
>
> Yes, and sometimes you specifically want to make sure you pick up the
> right official binary, and not some other one that happens to be in $PATH.
> If somebody manages to get automount launched with an insecure $PATH, you
if (geteuid() != 0) {
fprintf(stderr, "%s: This program must be run by root\n", program);
exit(1);
}
If root starts automount with bogus $PATH, well, he gets what he deserves.
> could end up invoking a trojaned mount command (remember why "." in $PATH
> is a security issue....)
--
vda
On Thu, 07 Oct 2004 20:49:17 +0300, Denis Vlasenko said:
> PS: is there a reason why automount does this?
>
> /* include/config.h. Generated by configure. */
> #define PATH_MOUNT "/usr/bin/mount"
> #define PATH_UMOUNT "/usr/bin/umount"
> #define PATH_E2FSCK "/usr/bin/fsck.ext2"
> #define PATH_E3FSCK "/usr/bin/fsck.ext3"
>
> We have $PATH for ages...
Yes, and sometimes you specifically want to make sure you pick up the
right official binary, and not some other one that happens to be in $PATH.
If somebody manages to get automount launched with an insecure $PATH, you
could end up invoking a trojaned mount command (remember why "." in $PATH
is a security issue....)
On Thu, 7 Oct 2004 [email protected] wrote:
> On Thu, 07 Oct 2004 20:49:17 +0300, Denis Vlasenko said:
>
> > PS: is there a reason why automount does this?
> >
> > /* include/config.h. Generated by configure. */
> > #define PATH_MOUNT "/usr/bin/mount"
> > #define PATH_UMOUNT "/usr/bin/umount"
> > #define PATH_E2FSCK "/usr/bin/fsck.ext2"
> > #define PATH_E3FSCK "/usr/bin/fsck.ext3"
> >
> > We have $PATH for ages...
>
> Yes, and sometimes you specifically want to make sure you pick up the
> right official binary, and not some other one that happens to be in $PATH.
> If somebody manages to get automount launched with an insecure $PATH, you
> could end up invoking a trojaned mount command (remember why "." in $PATH
> is a security issue....)
>
And that would be the point of using configure to find this path info.
rather than using $PATH.
Ian
On Thu, 7 Oct 2004, Denis Vlasenko wrote:
> Hi Ian,
>
> I want to debug some automounter problems, but first I need to make
> automount debugging easier.
Thanks for your input.
I'll check this out as soon as I get time. I'm swamped right now so I
can't say when that will be. Sorry.
Shouldn't this be going to the autofs list?
Ian
> > > PS: is there a reason why automount does this?
> > >
> > > /* include/config.h. Generated by configure. */
> > > #define PATH_MOUNT "/usr/bin/mount"
> > > #define PATH_UMOUNT "/usr/bin/umount"
> > > #define PATH_E2FSCK "/usr/bin/fsck.ext2"
> > > #define PATH_E3FSCK "/usr/bin/fsck.ext3"
> > >
> > > We have $PATH for ages...
> >
> > Yes, and sometimes you specifically want to make sure you pick up the
> > right official binary, and not some other one that happens to be in $PATH.
> > If somebody manages to get automount launched with an insecure $PATH, you
> > could end up invoking a trojaned mount command (remember why "." in $PATH
> > is a security issue....)
>
> And that would be the point of using configure to find this path info.
> rather than using $PATH.
I copied automount binary to another box, which has mount in /bin while old
one had mount also in /usr/bin (and automount had /usr/bin/mount hardcoded),
I was puzzled how come it does not find mount?! I heeded to to do weird things
to compile in correct paths.
Can we stick to standard method of using $PATH? Please, pretty please.
> if (geteuid() != 0) {
> fprintf(stderr, "%s: This program must be run by root\n", program);
> exit(1);
> }
>
> If root starts automount with bogus $PATH, well, he gets what he deserves.
--
vda
On Sat, 9 Oct 2004 22:46:01 +0300, Denis Vlasenko
> Can we stick to standard method of using $PATH? Please, pretty please.
That'll break some backwards compatibility - probably just go with a
command flag to do that.
Jon.
On Sunday 10 October 2004 04:20, Jon Masters wrote:
> On Sat, 9 Oct 2004 22:46:01 +0300, Denis Vlasenko
>
> > Can we stick to standard method of using $PATH? Please, pretty please.
>
> That'll break some backwards compatibility - probably just go with a
> command flag to do that.
It won't break anything, because even with my patches
automount will call mount by absolute path (typically
[/usr]/bin/mount).
execvp() does not use PATH in this case.
I plan to add a flag to configure to stop using abs paths.
Only if built with this flag, automount will exec plain "mount"
and use PATH.
--
vda