[55] in linux-net channel archive


Re: NFS: security problem with root_squash ??

daemon@ATHENA.MIT.EDU (Bernhard Heidegger)
Tue Jan 31 13:19:48 1995

Date: Tue, 31 Jan 1995 16:47:21 +0100 (MET)
From: Bernhard Heidegger <hdg@edvz.tu-graz.ac.at>
To: Karl Keyte <kkeyte@koft.rhein-main.de>
Cc: linux-net@vger.rutgers.edu, linux-kernel@vger.rutgers.edu
In-Reply-To: <Pine.LNX.3.91.950130230155.497A-100000@koft.rhein-main.de>

On Mon, 30 Jan 1995, Karl Keyte wrote:

> 
> I have just noticed a problem with NFS mounts.  Perhaps it's me!
> If I export a filesystem in /etc/exports with something like:
> 
> /home   someone(rw,insecure,root_squash)
> 
> I understood that this should block the root user at host 'someone'
> from having root access inside /home when mounted.  It doesn't!
> It lets that user do anything in that filesystem.

This seems to be a bug in the nfsd code.
I noticed this behavior 3 or 4 months ago, and checked the nfsd source
(from the Slackware distribution).
The following patch did the job for me, but I don't know if I'm right and if
the patch applies to all versions. I didn't apply this patch to the latest
nfsd (2.0 I think). Be very careful!
Maybe someone can review the patch.

-------------------------------- cut here ---------------------------------
*** dispatch.c.orig     Mon Feb 15 22:40:24 1993
--- dispatch.c  Tue Jun  7 18:09:48 1994
***************
*** 138,147 ****
    if (dent->credentials) {
        int cred_uid, cred_gid;
  
!       if (rqstp->rq_cred.oa_flavor == AUTH_UNIX) {
!               struct authunix_parms *unix_cred;
  
!               unix_cred = (struct authunix_parms *) rqstp->rq_clntcred;
                cred_uid = unix_cred->aup_uid;
                cred_gid = unix_cred->aup_gid;
        } else {
--- 138,148 ----
    if (dent->credentials) {
        int cred_uid, cred_gid;
  
!       struct authunix_parms *unix_cred;
!       unix_cred = (struct authunix_parms *) rqstp->rq_clntcred;
  
!       if ( (rqstp->rq_cred.oa_flavor == AUTH_UNIX)&&
!              (!cp->o.root_squash || unix_cred->aup_uid) ) {
                cred_uid = unix_cred->aup_uid;
                cred_gid = unix_cred->aup_gid;
        } else {
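
Review bot: The new condition `(!cp->o.root_squash || unix_cred->aup_uid)` tests only the uid, so a request with a non-zero `aup_uid` and `aup_gid` 0 still reaches `cred_gid = unix_cred->aup_gid` unchanged; if squashing is meant to cover the root group as well, the gid needs its own check. A squashed root request now falls into the `else` branch that previously handled only non-AUTH_UNIX flavors, and that branch's body is outside this hunk, so confirm it assigns the anonymous uid/gid rather than leaving `cred_uid`/`cred_gid` at some other value. `cp` is not declared in the visible lines (the enclosing test uses `dent->credentials`), so check that it is in scope here and holds the options of the client making this request. Moving the `rq_clntcred` cast ahead of the flavor check is safe only because `&&` short-circuits before `unix_cred` is dereferenced; a comment saying so, plus a space before `&&`, would make that easier to see.
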
-------------------------------- cut here ---------------------------------

Bernhard.

---
+----------------------------+-------------------------------+
|   hdg@edvz.tu-graz.ac.at   |   bheide@iicm.tu-graz.ac.at   |
+----------------------------+-------------------------------+
| Bernhard Heidegger, Graz University of Technology, Austria |
+------------------------------------------------------------+
Worst day playing is better than best day working!

