_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Steinar H. Gunderson wrote:
> On Fri, Jul 07, 2006 at 03:47:00PM -0400, Amit Gud wrote:
>> Please use the attached patch for testing. It varies only in the above
>> portion, but that should make a difference.
>
> Say, why is mount.nfs suid root in the first place? I'd expect it only to be
> called by mount, which should be suid already...
>
For security reasons, mount command resets the uids before calling
mount.nfs. So, even mount.nfs needs to be suid root to be able to use
the 'user' and 'users' mount options for NFS.
AG
--
May the source be with you.
http://www.cis.ksu.edu/~gud
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
On 7/7/06, Amit Gud <[email protected]> wrote:
> Steinar H. Gunderson wrote:
> > Thanks, that should clean up most of the problems. How well is this tested?
> >
>
> The problem was the options that are meant solely for the mount utility,
> like remount or noauto, were being passed further down to the syscall.
> These options should be handled within the mount utility only and should
> not be passed further.
>
> I tested with options like
> noauto,async,_netdev,nodiratime,users,dirsync,noatime,nodev,mand,group,owner,suid,user,exec,rw,soft,intr
> and it apparently worked OK. This isn't regressively tested though. I
> would like to see this patch tested in the environment mentioned in
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376839 .
How does this change affect the mount options that show up in
/proc/mounts and /proc/self/mountstats?
--
"We who cut mere stones must always be envisioning cathedrals"
-- Quarry worker's creed
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Chuck Lever wrote:
>
> How does this change affect the mount options that show up in
> /proc/mounts and /proc/self/mountstats?
IMO, it wouldn't affect at all. We are just trying to change the
user-space binaries, the stuff going in the kernel is still the same.
AG--
May the source be with you.
http://www.cis.ksu.edu/~gud
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Thanks, that should clean up most of the problems. How well is this tested?
/* Steinar */
--
Homepage: http://www.sesse.net/
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
Steinar H. Gunderson wrote:
> Thanks, that should clean up most of the problems. How well is this tested?
>
The problem was the options that are meant solely for the mount utility,
like remount or noauto, were being passed further down to the syscall.
These options should be handled within the mount utility only and should
not be passed further.
I tested with options like
noauto,async,_netdev,nodiratime,users,dirsync,noatime,nodev,mand,group,owner,suid,user,exec,rw,soft,intr
and it apparently worked OK. This isn't regressively tested though. I
would like to see this patch tested in the environment mentioned in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376839 .
AG
--
May the source be with you.
http://www.cis.ksu.edu/~gud
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
On Fri, Jul 07, 2006 at 02:03:42PM -0400, Amit Gud wrote:
> I tested with options like
> noauto,async,_netdev,nodiratime,users,dirsync,noatime,nodev,mand,group,owner,suid,user,exec,rw,soft,intr
> and it apparently worked OK. This isn't regressively tested though. I would
> like to see this patch tested in the environment mentioned in
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376839 .
I'll make an upload to Debian; the current state is quite broken anyhow, so I
guess it can't hurt. :-)
/* Steinar */
--
Homepage: http://www.sesse.net/
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
FWIW, this part is wrong:
> install-exec-hook:
> (cd $(DESTDIR)$(sbindir) && \
> - ln -sf $(sbin_PROGRAMS) mount.nfs4 && \
> - ln -sf $(sbin_PROGRAMS) umount.nfs && \
> - ln -sf $(sbin_PROGRAMS) umount.nfs4)
> + chmod +s $(sbin_PROGRAMS) && \
> + cp $(sbin_PROGRAMS) /sbin/mount.nfs4 && \
> + cp $(sbin_PROGRAMS) /sbin/umount.nfs && \
> + cp $(sbin_PROGRAMS) /sbin/umount.nfs4)
You cannot expect to be able to put stuff directly into /sbin, you'll have to
heed $(DESTDIR).
/* Steinar */
--
Homepage: http://www.sesse.net/
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
On Fri, Jul 07, 2006 at 03:47:00PM -0400, Amit Gud wrote:
> Please use the attached patch for testing. It varies only in the above
> portion, but that should make a difference.
Say, why is mount.nfs suid root in the first place? I'd expect it only to be
called by mount, which should be suid already...
/* Steinar */
--
Homepage: http://www.sesse.net/
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs