[107] in linux-security and linux-alert archive
NFS patch
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Sat Mar 11 12:07:26 1995
From: okir@monad.swb.de (Olaf Kirch)
To: linux-security@tarsier.cv.nrao.edu
Date: Sat, 11 Mar 1995 15:01:37 +0100 (MET)
Reply-To: linux-security@tarsier.cv.nrao.edu
-----BEGIN PGP SIGNED MESSAGE-----
Hello all,
Here's a patch to nfsd that should fix the hole I've reported earlier.
It's against a clean nfs-server-2.0 source. Could you please check if the
patch breaks anything for you? It works for me, but I wouldn't want to
release it publicly without some sort of double-check.
It does the following things:
* authenticate fh's on every request. Support for it was
there, but didn't work.
* Use setfsuid/setfsgid for setting owner/group on file
access rather than seteuid. As these functions are not
yet in libc-4.6.27, there's a small assembler file
that implements them.
* Implement root_squash and no_root_squash mount options.
I'll upload a full source to linux.nrao.edu later this day and announce it
on linux-alert. Alongside with it, I'll upload the source to the sample
program that demonstrates the bug.
Cheers,
Olaf
- ------------------------- SNIP -----------------------------------
table
`!"#$%&'()*+,-./0123456789:;<=>?
@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_
begin 644 nfsd-patch-2.1.gz
M'XL(`!>H82\``^4;>W_;MO%O]E,@:1Z23:FB'K8DQUD<VW'<V)9_EKVN[3*.z
M)D&),44H?/C1-=]]=WB)DDE929:MV](T(H&[`W`OW!U`+_!]4G-C4JM%]*;Fy
M!R$ED9_4$AI?T[C6K#=^.':N*+;7@VB^R\IW?;>VMK8$TS@?9V3@IL1JDT:Kx
MW^CV6YO$ZO5:W]5JM25DC:&3DF,G)I9%&E;?ZO5;7<3KX'CY/WS\C;:YV2#\w
ME9"CP]?#L]VA86P3)'89,O<JJ;O$3[+$&5%XBJD33IUT#(])&M,X9C$\_A5Pv
M#8.0+`TF%!$F5UX0<_#(F2#>B*9LFNH'*X?DA#",`PW4<5V:<'2616D8)(APu
M.^$`'.$11[B%D;UL*J:@'^`O/`!;.#+UZB[0_\O>V9O#H_TA+(@WUV\1PI[&t
M#!ZA_V#_9+Y_+'[M6R]6\["3:U=0%GAC_2B@@,S;O3/.M.0N2>E$0'CPXV3`s
MJ3'Q\9^0C49!-*J/N?B0[19H4*WV/\=VC9#0%%8P"KQZ\D<519%%;#;-S:ZRr
MB..=D].=`SXK>CME<9K4.V(N7KTK:'=),F8W8LY=(<W!ZQ_Y),`ZDX!%=:8$q
MP;0@F.8[TR)1\F8Y23`M":8EP#2+<WQGY)4<^15YM7-T--C=>05TU534FAFRp
M@'%VV$$4I.K9#6'Z#!!.W@SW;(ZU+=;'B!<DH'SN6$S?24'D;)[SC#RI($X5o
M63:X.#G7)"2O6$Z`+"?8&2):Q6;+[#:45?QWL[[`"MA_DSB\AW<Y:5(+.Y%Hn
M+=K;1,_<MF;UV^U^TRK=UB1*?D=K]JUVO]4HW]&L#1,H\E>DB*]-I5/T-J5Qm
M1((H-0P#V#4)$C=C6;*UV!=36RC=O1XMJL`)@]^HM_7=^CQ`&CLNM9,I8WX.l
M65"+F$<-8TV\V*AE.1!03M#8!$AXU'>R,+5E2PX&]<*>.K$S`3)N&-`HA>X5k
MA26TRBUBLNPJ$YOL-M[$`3EAUX1T2*/=M[K]=FNI[!1>7H"M?K/9;UA+!+C9j
M-:WNAG+!:$2$X.XW0:VOX)-)%(L$#VHOA0Y/&<B@6B7_X'B&.R7;"Y!;O.<3i
M-TX:)I0$/JD\NHK8320A$!M[#6\:`S6_TC#)XQWN,`@8&YU,4W)Y1[*((Q&!h
MU"=/D[]&CTV!B1,.(IK:4<J<REH%G$<&&A]$MN-Y,5FKDF?X4*V*V8"VI1D(g
MMW)R<71453,D<H9"BR5/I![_NWE"?O^=Y/2ZD$47DB'@L213@">`%5"/I.#6f
M!`>_A$TF7^EJS"I4J&[/M'J;2J$0^(<U<NB3&TI&+"5C&E.3I&-Z-YLNYQUQe
M<(.)4SY^G:S]@*B<.>Y4\>`/H#]B^??Y\DFHCER]5)UOO/H_D*:4LZ5(29J-d
MMMEL]&8;!V]H;LZ;W$J3T-"/I\F=.V9.Y(1W29`0B`-&%.)2[[&<XL+DUG%Rc
MZP1_042[8^I>$9_%*!P2,Y!5\C%SDK'<*>I2B#<@0)(PF`@P,Z*>B?AD#;M<b
MEH4>A/K8.YF&=(*\1FH8D'@0OV>P<:`"U.MU$CJPQ=0%\@_X@\*MQ!^3=%I[a
M&7^TW1AC'<?V0^<:)K6]378NSM_:%R>'?X&E/R,N@+$ZSM,6\T3A`QE#,@HWz
MA"P*;G'_FB1DC3\C4;YP`W?/8$LNW]"=X*TJ)02J)#<YV&ARM%`M-8G:2R>;y
MVEG@57FG<;\#!CD9O![L_6Q?'.Z5DQB5D1CE21PH$BBZ2@`=C2T2D!=D`2FDx
M$;2OKRLVE0V9_!J\E\,6C(N]!6-_$IH._R@=`Z-%I?NT<K3`X]'B:$%TE48+w
MHGLATNLT^^V-Y=&"Q+L7[K6;Y=%"<]-L-7-6"Z\M9;.@4B07Y7%)R&8=X.4;v
M%V,[T;?.^W).#9HM1)'A&5D(UZ";[[6!!]86I'<FL?A?<'T-%,!*\9K+(C^`u
M%+6@A)3K*I)`KML89A&/UR`@;C;ZS<T^.+@R"<SAS9>0-OO-)24D:[,#L4DCt
M%W+S!AVL@"O;HSYX)HPK[EA&QLXUQ;R(@N75B=A8OL\B8"-YN_/G?7NX?[X/s
M=HB;U7HYMI^,%/KZ(OJ;(1B"<"5+\+,E^!<"?\GL1S'+IDG)_`_.!A>G0US!r
MRK+.8EHL$N@HES-TWI=RL]S.<ECS,M[HMWK+DJI6V[0VVHU<$.6QB.+3([Y'q
M^5GD@J%@2NK>>$J\^!OS!VCW4N<RI`E8UHQ_)(0-$F(!:$@"CU.%?](8R6USp
M;OZ=`@1YPNEC;$&>_^K4?GO_''YW:K^\?_YWS(X0Q,7]$I)J/ITG_T`$&0'Io
MR<]BH&\P>:U46CO_]<OY'&TJ=1VB;ZE.+3@/\`#@OEL/.0^%.*]9#4CRRS6Kn
MU3/;':55.[LV9]+1X>NSG;.?*[4P2L)J84?"W"N:RKZS_=.CG=U]^\W%R>ZPm
MHDJDNFPJ"J.R+"K+I;***6N855`$-88@\E6J(*?%:R]'A\-S\0I>9;ASL"]>l
M!A?GIQ?G%56X%P4PP0RII?\KS+AO%U_"GA4T7Q?&[@4MLYXBK9_U&N<9!7?Ok
M$MCO&NU^I]MO-4MU/H>V4-_H]=M+"E1M,Y=E@&/2;@EB]AV(0%B<](T]!DF#j
M1WZLD]?@!FALDA>7_.%5DDTA3&?QZ"5',8RS`-*$8>AX5Q1BC1<?XN35#8M#i
MKYZD7MUE$P7W!J/IDSJY=B+R#M)0&@'TC1.F'^BK["?XK9\<U8^S$:0X]<'9h
MP4O8_Q!M$#H^>1?$[AC`V540OYK`W(#ZS67=HX*X'.%\C$D.\],;!S:SB7-Wg
M20G\S1(8&+V8$]V1:19/64(Q+KN&",F3J)B4.)?L&G.6Z5T<C,8IB5@:N+#Of
M)J"LJ8.I#>RVARGAF=1T"IFC5^Q2NCF7\KTG=N]9@&Q4*J"#-B3J&YU.JUW%e
M7.L<<Z((<M1KT*L13)<KLDQZOZ<1:)_8+3+$)-3W9=K0V(*H').U+(XQN8(>d
MZJ8!K.-P+^'XC\A(XXPD#C_OD$&"?0Z95Y**6/[DX.QT^'YKCB1?*T_=G/@.c
MB25R7AB6<E3()(!LC0>EVH_H^.N;<,!//IL!@/+O6'^11G1;8&:ZHOAI2\0`b
M2>J`@A&972ISMF$@&$?XM5_?\VC^$3'X*_95&B;^%P6A^#\+PZHY#V%!OV5Ba
M91Z',+$V[X]-6:R_#VSE@1-\<N)18B;%\//#8[I=/#PX>3:-:2(>.,60L:MLz
M6@P.VX,7!M$58L@)JZ9R!`3&7TX='Y9/]B8.4NHZ$-D\P`0.R(GRIV)HO4#(y
MAQT)+AZ+X6%5G/B,'S&=@,=9#BWV20F.C\O!D5^"UX6,RX,F=Q,-+9]77RC?x
MQ%=>YZ006$D1.I4@X5'+L@2G82)U/\DIBFC@A:\%V[)/SP85<LW$YF^#[9JZw
MG)-<NW9,/Y(U7L6IDNH6]UU=W!)UV>T;V*KP5UAR$]YI=<-%//!;.^?G9P6Hv
M#YDQ8@]+L(N,6LSS;#`X+YGG$@M'S*/!X-W%:0GN4G/GX^[O[!T=GKQ;@E]@u
M_89"?6"%>4_`<7XZ.SS?W]W9?;O_$&?O^0:-7H*YS$_P?0;F6XI<[C3$2H\'t
M?WX(M<"#"-R3G>.'<!?<"6=5B50>="U<_WX^7H*^Q-$@\O&[O<,RQ2]U.GRIs
MQ\6(JS@@J4]E!)9X([Y>,+<W0Q$N?)UK*JR*6%W3:K9RE2^K!PT]?6;`"[!8r
M!@3/]$QZ*0A\73N(/'K[?DN4N/AYC*XZ$I;%$*/'`<^K>-SL0=X53X((JP$\q
M4`9;""ZS%+J9SPOVA+?SI$C<?"$B^<?[.**8SY>$JX&I\%]>)Q;'+S86/K%8p
MZ8+4^?$@'A_F&[=$,<R8T`DPJ_(,9)1A1,:KFA(\'MF8!HJC#5[+QC'1>8)`o
M*^`-HV2J@&^]V)[1T.3T,25@0M9J>]1E'I6X94)H`L];/7U<C!;"!)]<)PS5n
MP57(1C:^BP,--0\T1_6,$/R4JI*;CPBIOU9$M8=%5"L44>US1%1#$7T?^%B(m
M1)NQ!R='/TN6G(H#/>XR:^G=E$).]3&C28IES1N8+R1L&B=_V"<&0G.T613>l
MH8"XIK<ZIJ4J:H5BZ37,9C-WBN]#*B\3`#S`P,<M92-HUYB#,#1%GB9"\H#3k
M\@-P^B2BXF3P4AR#U<E/8P=7,X6D4*88DL(;#H]$D-D\A0%2$H:O1Z5ACV;3j
MR!]FJLP.NG'GQ?,@?8:)_;($4IEUOB"-JNA?..1$Y<!9JZK)4V_^E)<?$2HZi
MIK[85X%_(X::QZ'XJ;:`GV6="BM_<J]F!PNJS%8VFUWYY$;SDR/JQ%51*9J;h
M/G`7D]2Y[7W1:I5<J(T+@9W0VYF\%C(]*;T$573*DB2`.>=5DX^%N1\L$L^=g
M]?M+PO/(*I]E?MTG=.3PW!0L=IR-J$:!Q7NX>-T@EJAO0VC2H!<JY40`9!.,f
M#&[1G4PUVV$GT2FMJ>'7T#LR7Z;>W-75EFM=[0&MJWV>UM56TKJ:UKI:J=;5e
M]/&ZG)VH^VDVF5H/$CE5LE0%!?I]#2R8'?J>G@6NQ9J=S*_@6KAC,+6F90F-d
M%QR#K&@HOY#-^P55PZS,.E<P+5'V7#1\;5M9L6WI>SC2[^A:BT+*F?VGF>]#c
M4S)+_9ZLOI2X/569_3S/P5&^TG7HJM#G>HXW003;^9WY_^L]_A/V5[35-UM@b
MC^W95O])5PSQ]'1>>$(`,J*Z)\*\6=;(HFO,V^42SXEW498YS,_SEZNXR[R+a
M7O`/7SCB,O=0(WG_/'//,^]0$S+XI,K!$(>9S98,UE8X2/$+CE#\DL,3O_C8z
MI%MZ;.(7')A8?6O)%8_6IMG.7?'`U];LS,0P3AV(M=TK8WA#:43OR(OIA^15y
M#'9#X_H[YCE7]=W!L3H%&<08]/YRR6)VDUP%Y`6[_*T4^*N/3!XZ,=G5AQU6x
MK]M%EER1G3H9CIU(G8Q\T:%*H9EVP$P[W=Q=F4[3;&[,]E$/\A>\V`5!_\3Yw
M`$_/2..V`W]`EU\0J[,E@'@79"#S,`WX,\MG.:34>LO$BW`T\QBDO9#.]2%Yv
MN=Y^"KK-7_G3-`FVI0^%3MDC')&:S.]$S*]*_B:ZQ84YX=#5):=EP-(@BEC3u
M[FR8[8VV]F#TUL8J`29:#C_,X$O'H]+*,S>+\4&X^)LQFD^EXH]=@/7'MBC`t
M5<:UE[`D\-+@E_CE/KG7)I(GF`D_]ED6>>3YT^2Y27Q/K1](`3(>U/XI]]PGs
MCU]D$::KWDOEH7FO[TF7D&?WTP0(76:^7Y4U#UXX>IVEY`8S)_!78R<9VT@Yr
MX:E?Q.0>"@/\B0S9A*9C3&51]5)GMG%R5R?W*UBCIB*G/:[G6MZ>VD?[)YP%q
M#94VMCMX,C6[5/G-&#W/#5+,:N20C,F^A.M_&,X6JO2F9;8W-W(GS9MML]UMp
MS:+F.1X!1_T@\M`V0]B7/,)"CZ`7"OG=T(3%*?.!:>H6]F5,G2L5AZK[DD6Eo
M"MB,-3_G;CKJ[P,JNNYAYD&WI4#ES4=IX=B4N^$H0EO0B4=<*<84W&P$<7!5n
MR<K&8JV=,MN/&0P%H'(%?"0>7'%/"MNG4+?B$*>]V07FS1R$=CB:H,HU\DQ%m
MV7/-JVO.B?GR3S]XM0RB35[UMH>'O^"-CN/#<Q7:X<TS%CT'$F&6C'%^_#B4l
MKU$IC30+O@X.QH.+168HX^MVS'8OES>MM`BPGKEUY!S+?VPU12+J-#;,CI7[k
M\J=CM<Q.LYU3^#D=FET1G]G[-K\_OK5,H1_6X7GU5>"&'U,J.5VBT=*29E=Wj
MA:L)G9&^NJJ\CSSN7B&6DQ7&A2!,M!;%<Z)G[DN?9K^M`K3"B$ZBW+NVVUQRi
M":;7Z)@]*W=I5#3DW)/K0$#S/'[>5[*;7=BUYIW0NH9.`)IS<OZV;D/R-^>Th
M!/RUHB[U_;&(P]77@\K9T=L@K32JJ_/[WE=QHK64W^.%"+K=[;<[R_D]7KQFg
MUP&L<GYWN\#=&;?QM;?P59PX$'''0')-91TFJ>`M"\P]LDD5M9;S9#&[.S_;f
M/SL;G,GD;AWS]L+[M',C(6%5(X%QQ+T2S)P,.<ZZNG>R7DSS8`G-T0HT^>7>e
M?8@+0$D$3[DG6D'(N4^;%X63_^JY0-RY;GX__D?(+`@78*,!?T&`FXTBF>?Qd
MY@6/R=.2K^GR][+-EI3Y.JFGP#=D1WT4LLN0V$H2]]I&H@V;G3`81:2-KQJ^c
MSVUK"LXZ-)[22W&L!)LNOD&4JYLTQ.T,XDG%:G6K`./D&KL5Q,%6"8H?ACQIb
MW':%%:>0OAF(,4/[,*+&!=HH?XOH*#3F27)PFR?0NI$83VJ6IL'1^\:431?Ga
MB),Q<2EB%1)@NB4R'?#A9;P9?3UO>O\:WAQ\'6\.OH(W*]B2^E+[WAZE.XKLz
M2'<N>,[6AOQ6H=!SSK!R-H3?$[>7WE&6CO.1<(Z2"+]N\O@B"O#="?G7;$,^y
:E-X_",STL:Q9"\/[$A(6D/@G!\]N!'5$``"1x
`w
end
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQCVAgUBL2GsaOFnVHXv40etAQErywQA3SDyJljchTVUJponW88B6hMUMD004ObK
A0FHrsIk7uI1zeP+TX1OFF03Bn6KGatlTh/mRo+Pvbs+8PX9Md3mGKkg5WH9peOB
7UEBE8x6gfaFtNHOb6O2TTp47Fw0OvjO2wCnn+TKl4D8xNpchNxGSEwTSH/eCK8E
0Tfxev081XY=
=oims
-----END PGP SIGNATURE-----
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
