NetBSD Problem Report #55675

From www@netbsd.org  Mon Sep 21 12:05:09 2020
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id B3DC51A9239
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 21 Sep 2020 12:05:09 +0000 (UTC)
Message-Id: <20200921120508.46FB11A923D@mollari.NetBSD.org>
Date: Mon, 21 Sep 2020 12:05:08 +0000 (UTC)
From: roy@marples.name
Reply-To: roy@marples.name
To: gnats-bugs@NetBSD.org
Subject: ZFS mounts do not work with setuid programs
X-Send-Pr-Version: www-1.0

>Number:         55675
>Category:       kern
>Synopsis:       ZFS mounts do not work with setuid programs
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    hannken
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Sep 21 12:10:00 +0000 2020
>Closed-Date:    Mon Oct 12 11:09:46 +0000 2020
>Last-Modified:  Mon Oct 12 11:09:46 +0000 2020
>Originator:     Roy Marples
>Release:        9.99.73
>Organization:
>Environment:
NetBSD cube.marples.name 9.99.73 NetBSD 9.99.73 (GENERIC) #2: Thu Sep 17 11:52:51 BST 2020  roy@cube.marples.name:/home/roy/src/hg/src/sys/arch/amd64/compile/obj.amd64/GENERIC amd64
>Description:
Setup /var/spool on ZFS.
Send an email from a local user.
Look at console or maillog for errors like so:
postdrop: warning: mail_queue_enter: create file maildrop/899911.8834: Permission denied
>How-To-Repeat:
mailx -s test an.email@address < /tmp/email.message
>Fix:
mounting /var/spool/postfix/postdrop as tmpfs solves the issue

>Release-Note:

>Audit-Trail:
From: Brad Spencer <brad@anduin.eldar.org>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Mon, 21 Sep 2020 18:55:12 -0400

 roy@marples.name writes:

 >>Number:         55675
 >>Category:       kern
 >>Synopsis:       ZFS mounts do not work with setuid programs
 >>Confidential:   no
 >>Severity:       serious
 >>Priority:       high
 >>Responsible:    kern-bug-people
 >>State:          open
 >>Class:          sw-bug
 >>Submitter-Id:   net
 >>Arrival-Date:   Mon Sep 21 12:10:00 +0000 2020
 >>Originator:     Roy Marples
 >>Release:        9.99.73
 >>Organization:
 >>Environment:
 > NetBSD cube.marples.name 9.99.73 NetBSD 9.99.73 (GENERIC) #2: Thu Sep 17 11:52:51 BST 2020  roy@cube.marples.name:/home/roy/src/hg/src/sys/arch/amd64/compile/obj.amd64/GENERIC amd64
 >>Description:
 > Setup /var/spool on ZFS.
 > Send an email from a local user.
 > Look at console or maillog for errors like so:
 > postdrop: warning: mail_queue_enter: create file maildrop/899911.8834: Permission denied
 >>How-To-Repeat:
 > mailx -s test an.email@address < /tmp/email.message
 >>Fix:
 > mounting /var/spool/postfix/postdrop as tmpfs solves the issue

 I don't have a fix and won't be able to look for one in the near future,
 but I did test for this problem.

 The problem is actually with setgid, not setuid.  For postfix, postdrop
 is setgid maildrop and relies upon being able to write to
 /var/spool/postfix/maildrop in the usual manner when only the group wx
 bits are set on that directory.  This is what does not work as expected
 with a ZFS fileset.

 I also tested setuid in a similar situation and it actually works as
 expected.

 A workaround for Postfix would be to set the read bit on
 /var/spool/postfix/maildrop along with write and execute.  I don't know
 the security implications of doing that, but that should work.


 -- 
 Brad Spencer - brad@anduin.eldar.org - KC8VKS - http://anduin.eldar.org

From: Roy Marples <roy@marples.name>
To: gnats-bugs@netbsd.org, kern-bug-people@netbsd.org,
 gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc: 
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Tue, 22 Sep 2020 07:45:59 +0100

 On 22/09/2020 00:00, Brad Spencer wrote:
 >   A workaround for Postfix would be to set the read bit on
 >   /var/spool/postfix/maildrop along with write and execute.  I don't know
 >   the security implications of doing that, but that should work.

 That's why I went with a tmpfs mount.
 The files in maildrop should be smallish and they don't persist once processed.
 The downside is they won't survive a reboot ... I can live with that and I have
 spare RAM right now.

 Roy

From: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Sun, 11 Oct 2020 17:18:56 +0200

 --Apple-Mail=_FD5C4126-8716-413F-A118-289775FC30E0
 Content-Type: multipart/mixed;
 	boundary="Apple-Mail=_B35E756D-EA11-4561-B405-B28CD43E702E"


 --Apple-Mail=_B35E756D-EA11-4561-B405-B28CD43E702E
 Content-Transfer-Encoding: 7bit
 Content-Type: text/plain;
 	charset=us-ascii

 The attached diff should fix it -- please give it a try.

 --
 J. Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig


 --Apple-Mail=_B35E756D-EA11-4561-B405-B28CD43E702E
 Content-Disposition: attachment;
 	filename=005_groupmember.diff
 Content-Type: application/octet-stream;
 	x-unix-mode=0644;
 	name="005_groupmember.diff"
 Content-Transfer-Encoding: 7bit

 groupmember

 Stub groupmember() has to test both group list and current group id.

 Should fix kern/55675: ZFS mounts do not work with setuid programs

 diff -r 24849a7159a2 -r 46d585baea20 external/cddl/osnet/sys/sys/cred.h
 --- external/cddl/osnet/sys/sys/cred.h
 +++ external/cddl/osnet/sys/sys/cred.h
 @@ -70,10 +70,12 @@ extern kauth_cred_t	cred0;
  static __inline int
  groupmember(gid_t gid, cred_t *cr) 
  {
 -	int result;
 +	int result, error;

 -	kauth_cred_ismember_gid(cr, gid, &result);
 -	return result;
 +	error = kauth_cred_ismember_gid(cr, gid, &result);
 +	if (error)
 +		return 0;
 +	return (kauth_cred_getegid(cr) == gid || result);
  }

  #endif	/* _KERNEL */
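
Review bot: the early `return 0` under `if (error)` runs before the `kauth_cred_getegid(cr) == gid` comparison, so a credential whose effective gid matches is still reported as a non-member whenever the group-list lookup fails, even though the egid test does not depend on that lookup. Failing closed is a reasonable default for an access check, but if that is the intent it deserves a one-line comment; otherwise test the egid first and only call `kauth_cred_ismember_gid()` when it does not match. A short comment above `groupmember()` stating that it returns 1 for member and 0 for non-member would also help callers, since the final expression now yields a boolean instead of passing `result` through.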

 --Apple-Mail=_B35E756D-EA11-4561-B405-B28CD43E702E--

 --Apple-Mail=_FD5C4126-8716-413F-A118-289775FC30E0--

From: Christos Zoulas <christos@zoulas.com>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org,
 gnats-admin@netbsd.org,
 netbsd-bugs@netbsd.org,
 roy@marples.name
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Sun, 11 Oct 2020 13:23:42 -0400

 --Apple-Mail=_8E994CCC-E054-4CFE-804E-7858D65B4984
 Content-Transfer-Encoding: quoted-printable
 Content-Type: text/plain;
 	charset=us-ascii

 Perhaps expose groupmember in genfs_vnops.c instead of duplicating?

 christos


 --Apple-Mail=_8E994CCC-E054-4CFE-804E-7858D65B4984--

From: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Sun, 11 Oct 2020 20:00:59 +0200

 --Apple-Mail=_6B24EB6B-3B07-45CC-BF4C-5734F754CDD4
 Content-Transfer-Encoding: 7bit
 Content-Type: text/plain;
 	charset=us-ascii

 > On 11. Oct 2020, at 19:25, Christos Zoulas <christos@zoulas.com> wrote:
 > 
 > Perhaps expose groupmember in genfs_vnops.c instead of duplicating?

 It is not a duplicate.  The genfs version returns -1 for non-member,
 0 for member or error > 0 on error.  The Solaris version returns 0 for
 non-member or 1 for member.

 We could expose it and use a stub to translate the return value.

 --
 J. Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig

 --Apple-Mail=_6B24EB6B-3B07-45CC-BF4C-5734F754CDD4--
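
The two return conventions contrasted in the reply above, and the translating stub it suggests, shown as an added userland C model (not NetBSD kernel code and not from the thread). `struct model_cred`, every function name and the gid values are hypothetical; the list-only lookup and the placement of the egid test are assumptions made for the model.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>

/* Constructed userland model of a credential; not the kernel's kauth_cred_t. */
struct model_cred { gid_t egid; gid_t groups[4]; size_t ngroups; };

/* Hypothetical list-only lookup: sets *result, returns 0 or an errno value. */
static int model_ismember_list(const struct model_cred *cr, gid_t gid, int *result)
{
	if (cr == NULL || result == NULL)
		return EINVAL;
	*result = 0;
	for (size_t i = 0; i < cr->ngroups; i++)
		if (cr->groups[i] == gid)
			*result = 1;
	return 0;
}

/* List-only membership: the behaviour the report ran into. */
static int member_list_only(const struct model_cred *cr, gid_t gid)
{
	int ismember = 0;
	return model_ismember_list(cr, gid, &ismember) == 0 && ismember;
}

/* Convention A (genfs, per the thread): 0 member, -1 non-member, >0 error. */
static int member_genfs_style(const struct model_cred *cr, gid_t gid)
{
	int ismember, error;

	if (cr != NULL && cr->egid == gid)
		return 0;
	if ((error = model_ismember_list(cr, gid, &ismember)) != 0)
		return error;
	return ismember ? 0 : -1;
}

/* Convention B (Solaris, per the thread): 1 member, 0 otherwise; errors fail closed. */
static int member_solaris_stub(const struct model_cred *cr, gid_t gid)
{
	return member_genfs_style(cr, gid) == 0;
}

int main(void)
{
	/* Constructed: setgid process whose egid 9001 is not in its group list. */
	struct model_cred cr = { 9001, { 100 }, 1 };
	return !(member_list_only(&cr, 9001) == 0 && member_solaris_stub(&cr, 9001) == 1);
}
```

A caller that treats the convention A result as a boolean inverts the decision, because 0 means "member" there and -1 is truthy; the stub's explicit `== 0` comparison is what keeps the translation safe.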

From: Roy Marples <roy@marples.name>
To: gnats-bugs@netbsd.org, kern-bug-people@netbsd.org,
 gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc: 
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Sun, 11 Oct 2020 21:22:47 +0100

 On 11/10/2020 16:20, J. Hannken-Illjes wrote:
 >   The attached diff should fix it -- please give it a try.

 Confirmed to fix it!
 Thanks!

 Roy

Responsible-Changed-From-To: kern-bug-people->hannken
Responsible-Changed-By: hannken@NetBSD.org
Responsible-Changed-When: Mon, 12 Oct 2020 11:09:46 +0000
Responsible-Changed-Why:
Fixed it.


State-Changed-From-To: open->closed
State-Changed-By: hannken@NetBSD.org
State-Changed-When: Mon, 12 Oct 2020 11:09:46 +0000
State-Changed-Why:
Fixed in -current -- pullup to -9 complete.


>Unformatted:
