NetBSD Problem Report #55675
From www@netbsd.org Mon Sep 21 12:05:09 2020
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id B3DC51A9239
for <gnats-bugs@gnats.NetBSD.org>; Mon, 21 Sep 2020 12:05:09 +0000 (UTC)
Message-Id: <20200921120508.46FB11A923D@mollari.NetBSD.org>
Date: Mon, 21 Sep 2020 12:05:08 +0000 (UTC)
From: roy@marples.name
Reply-To: roy@marples.name
To: gnats-bugs@NetBSD.org
Subject: ZFS mounts do not work with setuid programs
X-Send-Pr-Version: www-1.0
>Number: 55675
>Category: kern
>Synopsis: ZFS mounts do not work with setuid programs
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: hannken
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Sep 21 12:10:00 +0000 2020
>Closed-Date: Mon Oct 12 11:09:46 +0000 2020
>Last-Modified: Mon Oct 12 11:09:46 +0000 2020
>Originator: Roy Marples
>Release: 9.99.73
>Organization:
>Environment:
NetBSD cube.marples.name 9.99.73 NetBSD 9.99.73 (GENERIC) #2: Thu Sep 17 11:52:51 BST 2020 roy@cube.marples.name:/home/roy/src/hg/src/sys/arch/amd64/compile/obj.amd64/GENERIC amd64
>Description:
Setup /var/spool on ZFS.
Send an email from a local user.
Look at console or maillog for errors like so:
postdrop: warning: mail_queue_enter: create file maildrop/899911.8834: Permission denied
>How-To-Repeat:
mailx -s test an.email@address < /tmp/email.message
>Fix:
mounting /var/spool/postfix/postdrop as tmpfs solves the issue
>Release-Note:
>Audit-Trail:
From: Brad Spencer <brad@anduin.eldar.org>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Mon, 21 Sep 2020 18:55:12 -0400
roy@marples.name writes:
>>Number: 55675
>>Category: kern
>>Synopsis: ZFS mounts do not work with setuid programs
>>Confidential: no
>>Severity: serious
>>Priority: high
>>Responsible: kern-bug-people
>>State: open
>>Class: sw-bug
>>Submitter-Id: net
>>Arrival-Date: Mon Sep 21 12:10:00 +0000 2020
>>Originator: Roy Marples
>>Release: 9.99.73
>>Organization:
>>Environment:
> NetBSD cube.marples.name 9.99.73 NetBSD 9.99.73 (GENERIC) #2: Thu Sep 17 11:52:51 BST 2020 roy@cube.marples.name:/home/roy/src/hg/src/sys/arch/amd64/compile/obj.amd64/GENERIC amd64
>>Description:
> Setup /var/spool on ZFS.
> Send an email from a local user.
> Look at console or maillog for errors like so:
> postdrop: warning: mail_queue_enter: create file maildrop/899911.8834: Permission denied
>>How-To-Repeat:
> mailx -s test an.email@address < /tmp/email.message
>>Fix:
> mounting /var/spool/postfix/postdrop as tmpfs solves the issue
I don't have a fix and won't be able to look for one in the near future,
but I did test for this problem.
The problem is actually with setgid, not setuid. For postfix, postdrop
is setgid maildrop and relies upon being able to write to
/var/spool/postfix/maildrop in the usual manor when only the group wx
bits are set on that directory. This is what does not work as expected
with a ZFS fileset.
I also tested setuid in a simular situation and it actually works as
expected.
A workaround for Postfix would be to set the read bit on
/var/spool/postfix/maildrop along with write and excute. I don't know
the security implications of doing that, but that should work.
--
Brad Spencer - brad@anduin.eldar.org - KC8VKS - http://anduin.eldar.org
From: Roy Marples <roy@marples.name>
To: gnats-bugs@netbsd.org, kern-bug-people@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc:
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Tue, 22 Sep 2020 07:45:59 +0100
On 22/09/2020 00:00, Brad Spencer wrote:
> A workaround for Postfix would be to set the read bit on
> /var/spool/postfix/maildrop along with write and excute. I don't know
> the security implications of doing that, but that should work.
That's why I went with a tmpfs mount.
The files in maildrop should be smallish and they don't persist once processed.
The downside is they wont survive a reboot ..... i can live with that and I have
spare RAM right now.
Roy
From: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Sun, 11 Oct 2020 17:18:56 +0200
--Apple-Mail=_FD5C4126-8716-413F-A118-289775FC30E0
Content-Type: multipart/mixed;
boundary="Apple-Mail=_B35E756D-EA11-4561-B405-B28CD43E702E"
--Apple-Mail=_B35E756D-EA11-4561-B405-B28CD43E702E
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii
The attached diff should fix it -- please give it a try.
--
J. Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig
--Apple-Mail=_B35E756D-EA11-4561-B405-B28CD43E702E
Content-Disposition: attachment;
filename=005_groupmember.diff
Content-Type: application/octet-stream;
x-unix-mode=0644;
name="005_groupmember.diff"
Content-Transfer-Encoding: 7bit
groupmember
Stub groupmember() has to test both group list and current group id.
Should fix kern/55675: ZFS mounts do not work with setuid programs
diff -r 24849a7159a2 -r 46d585baea20 external/cddl/osnet/sys/sys/cred.h
--- external/cddl/osnet/sys/sys/cred.h
+++ external/cddl/osnet/sys/sys/cred.h
@@ -70,10 +70,12 @@ extern kauth_cred_t cred0;
static __inline int
groupmember(gid_t gid, cred_t *cr)
{
- int result;
+ int result, error;
- kauth_cred_ismember_gid(cr, gid, &result);
- return result;
+ error = kauth_cred_ismember_gid(cr, gid, &result);
+ if (error)
+ return 0;
+ return (kauth_cred_getegid(cr) == gid || result);
}
#endif /* _KERNEL */
--Apple-Mail=_B35E756D-EA11-4561-B405-B28CD43E702E--
--Apple-Mail=_FD5C4126-8716-413F-A118-289775FC30E0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEE2BL3ha7Xao4WUZVYKoaVJdNr+uEFAl+DImAACgkQKoaVJdNr
+uHWgQf/QUVUBgLrj9KxITjfvbZJHbA1Ed0dgPLDEOtoHtkjnvxFHmbPOQZmaczy
+/T4oGi8ksFov5Z2FFP/DZvVa0Vfui2M7z58QFe+nhNq62gpld2xHdgqfL/rCQhC
wclQGUEj2NsZEf/Zh4Fz45v4IkI1OnxA3UUx2IEx22y6G1h4MNBgyNdZh3qKaVfg
zbNsBSDwvz2FGZOhIJ/MI+sefmC3WMC6P7EFKysU9DhQs1YJxUx3OxxYraPl78KV
7QzZTl6y7fK47dbHK4pGL+ax+z2K2+tKla4pSWaXdVdDKuF1QZIr6QEgQw7lNzkx
EuNnMqadgX4frXr2tNHZUmkonO7MTQ==
=kcVi
-----END PGP SIGNATURE-----
--Apple-Mail=_FD5C4126-8716-413F-A118-289775FC30E0--
From: Christos Zoulas <christos@zoulas.com>
To: gnats-bugs@netbsd.org
Cc: kern-bug-people@netbsd.org,
gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org,
roy@marples.name
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Sun, 11 Oct 2020 13:23:42 -0400
--Apple-Mail=_8E994CCC-E054-4CFE-804E-7858D65B4984
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
Perhaps expose groupmember in genfs_vnops.c instead of duplicating?
christos
> On Oct 11, 2020, at 11:20 AM, J. Hannken-Illjes =
<hannken@eis.cs.tu-bs.de> wrote:
>=20
> The following reply was made to PR kern/55675; it has been noted by =
GNATS.
>=20
> From: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
> To: gnats-bugs@netbsd.org
> Cc:
> Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
> Date: Sun, 11 Oct 2020 17:18:56 +0200
>=20
> --Apple-Mail=3D_FD5C4126-8716-413F-A118-289775FC30E0
> Content-Type: multipart/mixed;
> boundary=3D"Apple-Mail=3D_B35E756D-EA11-4561-B405-B28CD43E702E"
>=20
>=20
> --Apple-Mail=3D_B35E756D-EA11-4561-B405-B28CD43E702E
> Content-Transfer-Encoding: 7bit
> Content-Type: text/plain;
> charset=3Dus-ascii
>=20
> The attached diff should fix it -- please give it a try.
>=20
> --
> J. Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig
>=20
>=20
> --Apple-Mail=3D_B35E756D-EA11-4561-B405-B28CD43E702E
> Content-Disposition: attachment;
> filename=3D005_groupmember.diff
> Content-Type: application/octet-stream;
> x-unix-mode=3D0644;
> name=3D"005_groupmember.diff"
> Content-Transfer-Encoding: 7bit
>=20
> groupmember
>=20
> Stub groupmember() has to test both group list and current group id.
>=20
> Should fix kern/55675: ZFS mounts do not work with setuid programs
>=20
> diff -r 24849a7159a2 -r 46d585baea20 =
external/cddl/osnet/sys/sys/cred.h
> --- external/cddl/osnet/sys/sys/cred.h
> +++ external/cddl/osnet/sys/sys/cred.h
> @@ -70,10 +70,12 @@ extern kauth_cred_t cred0;
> static __inline int
> groupmember(gid_t gid, cred_t *cr)
> {
> - int result;
> + int result, error;
>=20
> - kauth_cred_ismember_gid(cr, gid, &result);
> - return result;
> + error =3D kauth_cred_ismember_gid(cr, gid, &result);
> + if (error)
> + return 0;
> + return (kauth_cred_getegid(cr) =3D=3D gid || result);
> }
>=20
> #endif /* _KERNEL */
>=20
> --Apple-Mail=3D_B35E756D-EA11-4561-B405-B28CD43E702E--
>=20
> --Apple-Mail=3D_FD5C4126-8716-413F-A118-289775FC30E0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: attachment;
> filename=3Dsignature.asc
> Content-Type: application/pgp-signature;
> name=3Dsignature.asc
> Content-Description: Message signed with OpenPGP
>=20
> -----BEGIN PGP SIGNATURE-----
>=20
> iQEzBAEBCAAdFiEE2BL3ha7Xao4WUZVYKoaVJdNr+uEFAl+DImAACgkQKoaVJdNr
> +uHWgQf/QUVUBgLrj9KxITjfvbZJHbA1Ed0dgPLDEOtoHtkjnvxFHmbPOQZmaczy
> +/T4oGi8ksFov5Z2FFP/DZvVa0Vfui2M7z58QFe+nhNq62gpld2xHdgqfL/rCQhC
> wclQGUEj2NsZEf/Zh4Fz45v4IkI1OnxA3UUx2IEx22y6G1h4MNBgyNdZh3qKaVfg
> zbNsBSDwvz2FGZOhIJ/MI+sefmC3WMC6P7EFKysU9DhQs1YJxUx3OxxYraPl78KV
> 7QzZTl6y7fK47dbHK4pGL+ax+z2K2+tKla4pSWaXdVdDKuF1QZIr6QEgQw7lNzkx
> EuNnMqadgX4frXr2tNHZUmkonO7MTQ=3D=3D
> =3DkcVi
> -----END PGP SIGNATURE-----
>=20
> --Apple-Mail=3D_FD5C4126-8716-413F-A118-289775FC30E0--
>=20
--Apple-Mail=_8E994CCC-E054-4CFE-804E-7858D65B4984
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iF0EARECAB0WIQS+BJlbqPkO0MDBdsRxESqxbLM7OgUCX4M/ngAKCRBxESqxbLM7
OpIWAJ4mEzBlbqo0KQPUttolIVd5kdQs6wCfXL3dEN7qXhUR4kvCMZZxJJYDAeY=
=qbrU
-----END PGP SIGNATURE-----
--Apple-Mail=_8E994CCC-E054-4CFE-804E-7858D65B4984--
From: "J. Hannken-Illjes" <hannken@eis.cs.tu-bs.de>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Sun, 11 Oct 2020 20:00:59 +0200
--Apple-Mail=_6B24EB6B-3B07-45CC-BF4C-5734F754CDD4
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
charset=us-ascii
> On 11. Oct 2020, at 19:25, Christos Zoulas <christos@zoulas.com> wrote:
>
> Perhaps expose groupmember in genfs_vnops.c instead of duplicating?
It is not a duplicate. The genfs version returns -1 for non-member,
0 for member or error > 0 on error. The Solaris version returns 0 for
non-member or 1 for member.
We could expose it and use a stub to translate the return value.
--
J. Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig
--Apple-Mail=_6B24EB6B-3B07-45CC-BF4C-5734F754CDD4
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename=signature.asc
Content-Type: application/pgp-signature;
name=signature.asc
Content-Description: Message signed with OpenPGP
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEE2BL3ha7Xao4WUZVYKoaVJdNr+uEFAl+DSFsACgkQKoaVJdNr
+uEcTwf/f8oycakKyK9g2Z+X2MOurjUqNbRWG0xzbK9jEMicDT8JqZG2raSxarWT
pFG2zjzIpVqIrsp7eW71ynqH2wCR2lKGfgcQ3oFuOYp01EiDai9euHJn0acnrcvL
gkLeJkf6EFCP+XAKsfjv9qJXhTSip+tEHf6+MeVSmNLsjMSr0hM3LmvvTRxbmBMG
UFtoTdF6/woyrgQsWu4LxlUTub1tjWAjEzPH8B+1ZQ7RpV2pQcW8pUrdkwWtMnrn
vDVED7fmbQsLqyKmifc+1laDzdL2i2/Pu/NyR3nPOKtne5ge3cBIyxtEqrag+45m
bZijRhePX7LYAit6ajVz2Wj2xJ2qsA==
=m4ni
-----END PGP SIGNATURE-----
--Apple-Mail=_6B24EB6B-3B07-45CC-BF4C-5734F754CDD4--
From: Roy Marples <roy@marples.name>
To: gnats-bugs@netbsd.org, kern-bug-people@netbsd.org,
gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Cc:
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Sun, 11 Oct 2020 21:22:47 +0100
On 11/10/2020 16:20, J. Hannken-Illjes wrote:
> The attached diff should fix it -- please give it a try.
Confirmed to fix it!
Thanks!
Roy
Responsible-Changed-From-To: kern-bug-people->hannken
Responsible-Changed-By: hannken@NetBSD.org
Responsible-Changed-When: Mon, 12 Oct 2020 11:09:46 +0000
Responsible-Changed-Why:
Fixed it.
State-Changed-From-To: open->closed
State-Changed-By: hannken@NetBSD.org
State-Changed-When: Mon, 12 Oct 2020 11:09:46 +0000
State-Changed-Why:
Fixed in -current -- pullup to -9 complete.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.46 2020/01/03 16:35:01 leot Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2020
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.