Re: Problems with NFS write of setuid executeables

Dick Streefland (dick_streefland@tasking.com)
Fri, 16 Apr 1999 20:37:41 +0200


On Friday 1999-04-16 18:23, Trond Myklebust wrote:
|
| If it doesn't work with the 0.7.2 patch, do you think you could
| provide me with a tcpdump of the NFS traffic between the client and
| server? I think the problems of flushing of write requests is fixed
| now.

I'm not sure if this is the same problem, but permission checking also
fails in the following cases (note that mount is setuid):

$ mount > x ; ls -l x; sleep 10; ls -l x
-rw-r--r-- 1 dicks sec 3344 Apr 16 20:19 x
-rw-r--r-- 1 dicks sec 0 Apr 16 20:19 x
$ mount > x ; ls -l x; wc x; ls -l x
-rw-r--r-- 1 dicks sec 3344 Apr 16 20:19 x
wc: x: Input/output error
0 0 0 x
-rw-r--r-- 1 dicks sec 0 Apr 16 20:19 x

This is with kernel 2.2.5 + nfsv3-0.7.3 patch, but older 2.1 kernels
have similar behavior. The NFS server is an Alpha running Digital
UNIX. The same example works in the 2.0.36 kernel:

$ mount > x ; ls -l x; sleep 10; ls -l x
-rw-r--r-- 1 dicks sec 3394 Apr 16 20:21 x
-rw-r--r-- 1 dicks sec 3394 Apr 16 20:21 x
$ mount > x ; ls -l x; wc x; ls -l x
-rw-r--r-- 1 dicks sec 3394 Apr 16 20:21 x
39 234 3394 x
-rw-r--r-- 1 dicks sec 3394 Apr 16 20:21 x

I think the problem is that the permissions are checked on every file
operation, although it is sufficient to have appropriate permissions
when the file is opened by the shell.

This effect can also be observed when you redirect the output of
"xinit" to a file located on an NFS server. The output from the window
manager is in the file, but the output from the X server is replaced
with null bytes.

-- 
Dick Streefland                      ////            Tasking Software BV
dick_streefland@tasking.com         (@ @)         http://www.tasking.com
--------------------------------oOO--(_)--OOo---------------------------

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/