NetBSD Problem Report #40933
From SRS0=TuSH4uIL=7A=ecs.vuw.ac.nz=mark@mcs.vuw.ac.nz Sun Mar 1 13:03:41 2009
Return-Path: <SRS0=TuSH4uIL=7A=ecs.vuw.ac.nz=mark@mcs.vuw.ac.nz>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id F051263C1DB
for <gnats-bugs@gnats.NetBSD.org>; Sun, 1 Mar 2009 13:03:40 +0000 (UTC)
Message-Id: <200903011303.n21D3aNn024389@paramount.ecs.vuw.ac.nz>
Date: Mon, 2 Mar 2009 02:03:36 +1300 (NZDT)
From: mark@ecs.vuw.ac.nz
Reply-To: mark@ecs.vuw.ac.nz
To: gnats-bugs@gnats.NetBSD.org
Subject: tmpfs and chown issue
X-Send-Pr-Version: 3.95
>Number: 40933
>Category: kern
>Synopsis: tmpfs and chown issue
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Mar 01 13:05:00 +0000 2009
>Closed-Date: Sun Apr 19 19:35:57 +0000 2009
>Last-Modified: Sun Apr 19 19:35:57 +0000 2009
>Originator: Mark Davies
>Release: NetBSD 5.0_RC2
>Organization:
ECS, Victoria Uni. of Wellington, New Zealand.
>Environment:
System: NetBSD paramount.ecs.vuw.ac.nz 5.0_RC2 NetBSD 5.0_RC2 (ECS_SERVER) #0: Sat Feb 14 09:13:20 NZDT 2009 mark@turakirae.ecs.vuw.ac.nz:/local/SAVE/build.obj/src/work/5/src/sys/arch/i386/compile/ECS_SERVER i386
Architecture: i386
Machine: i386
>Description:
chown() on a file run by root seteuid to the owner of the file fails when run on
tmpfs but works on mfs and ffs.
This breaks setting up of the kerberos credential cache from sshd when using pam
and pam_krb5.so and /tmp is a tmpfs.
>How-To-Repeat:
compile the below program (call it foo). On a tmpfs filesystem run as root
touch foobar; chown 1002 foobar; foo
observe that the chown() in foo fails.
repeat on an ffs filesystem or mfs filesystem and observe that it works.
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
main ()
{
setegid(1020);
seteuid(1002);
if (chown ("foobar", 1002, 1020) == -1) {
printf ("failed %s\n", strerror(errno));
} else {
printf ("good\n");
}
}
>Fix:
>Release-Note:
>Audit-Trail:
From: Mark Davies <mark@ecs.vuw.ac.nz>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: kern/40933: tmpfs and chown issue
Date: Wed, 8 Apr 2009 23:24:12 +1200
On Monday 02 March 2009 02:05:01 mark@ecs.vuw.ac.nz wrote:
> >Description:
>
> chown() on a file run by root seteuid to the owner of the file fails
> when run on tmpfs but works on mfs and ffs.
>
> This breaks setting up of the kerberos credential cache from sshd when
> using pam and pam_krb5.so and /tmp is a tmpfs.
So looking at ufs_vnops.c ufs_chown() has these checks:
if ((kauth_cred_geteuid(cred) != ip->i_uid || uid != ip->i_uid ||
(gid != ip->i_gid &&
!(kauth_cred_getegid(cred) == gid ||
(kauth_cred_ismember_gid(cred, gid, &ismember) == 0 &&
ismember)))) &&
((error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL)) != 0))
return (error);
while in tmpfs_subr.c tmpfs_chown() has:
if ((kauth_cred_geteuid(cred) != node->tn_uid || uid !=
node->tn_uid ||
(gid != node->tn_gid && !(kauth_cred_getegid(cred) ==
node->tn_gid ||
(kauth_cred_ismember_gid(cred, gid, &ismember) == 0 &&
ismember)))) &&
((error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL)) != 0))
The significant difference being what kauth_cred_getegid(cred) is compared
against.
So the below patch to tmpfs_subr.c fixes the tmpfs behaviour to be
consistent with the other filesystems
Index: tmpfs_subr.c
===================================================================
RCS file: /src/cvs/netbsd/src/sys/fs/tmpfs/tmpfs_subr.c,v
retrieving revision 1.48
diff -u -r1.48 tmpfs_subr.c
--- tmpfs_subr.c 19 Jun 2008 19:03:44 -0000 1.48
+++ tmpfs_subr.c 8 Apr 2009 10:45:27 -0000
@@ -1098,7 +1098,7 @@
* several other file systems. Shouldn't this be centralized
* somewhere? */
if ((kauth_cred_geteuid(cred) != node->tn_uid || uid != node->tn_uid ||
- (gid != node->tn_gid && !(kauth_cred_getegid(cred) == node->tn_gid ||
+ (gid != node->tn_gid && !(kauth_cred_getegid(cred) == gid ||
(kauth_cred_ismember_gid(cred, gid, &ismember) == 0 && ismember))))
&&
((error = kauth_authorize_generic(cred, KAUTH_GENERIC_ISSUSER,
NULL)) != 0))
cheers
mark
From: Mark Davies <markd@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/40933 CVS commit: src/sys/fs/tmpfs
Date: Sat, 11 Apr 2009 11:59:05 +0000
Module Name: src
Committed By: markd
Date: Sat Apr 11 11:59:05 UTC 2009
Modified Files:
src/sys/fs/tmpfs: tmpfs_subr.c
Log Message:
For chown make auth checks consistent with UFS. Fixes PR kern/40933.
To generate a diff of this commit:
cvs rdiff -u -r1.49 -r1.50 src/sys/fs/tmpfs/tmpfs_subr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Soren Jacobsen <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/40933 CVS commit: [netbsd-5] src/sys/fs/tmpfs
Date: Sun, 12 Apr 2009 02:22:24 +0000
Module Name: src
Committed By: snj
Date: Sun Apr 12 02:22:24 UTC 2009
Modified Files:
src/sys/fs/tmpfs [netbsd-5]: tmpfs_subr.c
Log Message:
Pull up following revision(s) (requested by markd in ticket #689):
sys/fs/tmpfs/tmpfs_subr.c: revision 1.50
For chown make auth checks consistent with UFS. Fixes PR kern/40933.
To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.48.6.1 src/sys/fs/tmpfs/tmpfs_subr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: markd@NetBSD.org
State-Changed-When: Sun, 19 Apr 2009 19:35:57 +0000
State-Changed-Why:
patched and pulled up to netbsd-5.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.