NetBSD Problem Report #39278

From www@NetBSD.org  Sun Aug  3 13:15:18 2008
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by narn.NetBSD.org (Postfix) with ESMTP id BCA4F63BBCF
	for <gnats-bugs@gnats.netbsd.org>; Sun,  3 Aug 2008 13:15:18 +0000 (UTC)
Message-Id: <20080803131518.4048463B975@narn.NetBSD.org>
Date: Sun,  3 Aug 2008 13:15:18 +0000 (UTC)
From: lolabone@ntlworld.com
Reply-To: lolabone@ntlworld.com
To: gnats-bugs@NetBSD.org
Subject: device nodes clobbered if use union-mounted tmpfs or mfs
X-Send-Pr-Version: www-1.0

>Number:         39278
>Category:       kern
>Synopsis:       device nodes clobbered if use union-mounted tmpfs or mfs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Aug 03 13:20:01 +0000 2008
>Last-Modified:  Mon Aug 04 03:01:37 +0000 2008
>Originator:     Lola Bonetti
>Release:        4.99.70 and 4.99.71
>Organization:
>Environment:
NetBSD  4.99.71 NetBSD 4.99.71 (GENERIC) #0: Fri Aug  1 04:23:17 PDT 2008  builds@wb25:/home/builds/ab/HEAD/i386/200808010002Z-obj/home/builds/ab/HEAD/src/sys/arch/i386/compile/GENERIC i386
>Description:
I am using the functionality in /sbin/init and /dev/MAKEDEV, whereby removal of /dev/console causes /dev to be mounted as tmpfs or mfs. In -CURRENT, MAKEDEV accomplishes this using the union mount option. However, the behaviour of union mounts seems odd. Device nodes (e.g. /dev/tty) in the tmpfs/mfs can be clobbered and replaced by a regular file (e.g. echo hello >/dev/tty). This happens even if the underlying (root) file system is mounted read-only. This prevents cgdconfig from reading its passphrase (the prompt gets redirected to a regular file /dev/tty), and multi-user console login fails with pam errors. There will surely be many other serious repercussions.
>How-To-Repeat:
From fresh install of 4.99.70 or 4.99.71:

Test A:
1. Boot single-user
2. mount -uw /
3. rm -f /dev/console
4. Reboot to multi-user (get pam errors, can't log in)

Test B:
1. Boot single-user
2. cd /dev; sh ./MAKEDEV -MM init
3. ls -l /dev/tty (character device)
4. echo hello >/dev/tty (no output)
5. ls -l /dev/tty (now regular file)
6. cd /; umount /dev
>Fix:
A workaround is as follows. Before removal of /dev/console:

1. Boot single-user
2. mount -uw /
3. vi /dev/MAKEDEV (delete "-o union" from tmpfs and mfs mount commands)
4. Copy /dev/MAKEDEV* to /etc/ if you still want to be able to access them following reboot.

To test:
5. cd /dev; sh ./MAKEDEV -MM init (complains about MAKEDEV.local, but that's to be expected)
6. ls -l /dev/tty (character device)
7. echo hello >/dev/tty (echos to screen)
8. ls -l /dev/tty (still character device)
9. rm -f /dev/console
10. Reboot to multi-user

That's a workaround. The fix will, I suspect, involve mount, and the code that handles the union option.

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: port-i386-maintainer->kern-bug-people
Responsible-Changed-By: dholland@NetBSD.org
Responsible-Changed-When: Mon, 04 Aug 2008 03:01:37 +0000
Responsible-Changed-Why:
The lossage is machine-independent, even though it's triggered by the i386
MAKEDEV script.


>Unformatted:

Home	PR Database Search