NetBSD Problem Report #43109

From jld@xlerb.net  Sun Apr  4 00:14:00 2010
Return-Path: <jld@xlerb.net>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 8A04863B11D
	for <gnats-bugs@gnats.NetBSD.org>; Sun,  4 Apr 2010 00:14:00 +0000 (UTC)
Message-Id: <20100404001356.DA1CD15088@planetarium.xlerb.net>
Date: Sat,  3 Apr 2010 20:13:56 -0400 (EDT)
From: jld@panix.com
Reply-To: jld@panix.com
To: gnats-bugs@gnats.NetBSD.org
Subject: rump_ffs does not enforce permissions
X-Send-Pr-Version: 3.95

>Number:         43109
>Category:       lib
>Synopsis:       rump_ffs does not enforce permissions
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    jld
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 04 00:15:00 +0000 2010
>Closed-Date:    Sat Dec 19 02:29:40 +0000 2015
>Last-Modified:  Sat Dec 19 02:29:40 +0000 2015
>Originator:     Jed Davis
>Release:        NetBSD 5.0_STABLE
>Organization:
>Environment:
System: NetBSD planetarium.xlerb.net 5.0_STABLE NetBSD 5.0_STABLE (PLANETAR64) #0: Sat Jan 30 14:45:38 EST 2010 jld@planetarium.xlerb.net:/bag/srcs/netbsd-5/sys/arch/amd64/compile/PLANETAR64 amd64
Architecture: x86_64
Machine: amd64
>Description:

rump_ffs -- and probably all the other p2k filesystems -- does not
enforce filesystem permissions.  While the man page does indicate that 
"[i]t is currently considered experimental", it also states that "[a]part
from a minor speed penalty ... there is no difference to using in-kernel
code", and a lack of permissions is a definite difference.

>How-To-Repeat:

newfs -F -s 1M img
mkdir mnt
rump_ffs img mnt
sudo -u nobody -s
cd mnt
cp /bin/sh ./
chown root sh
chmod 4755 sh
./sh
whoami

>Fix:
No idea.

>Release-Note:

>Audit-Trail:

State-Changed-From-To: open->analyzed
State-Changed-By: pooka@NetBSD.org
State-Changed-When: Tue, 06 Apr 2010 16:59:32 +0300
State-Changed-Why:
rump in nb5 is pretty much as-is from the time when the branch was cut.

There are two choices to fix the issue you mention:
a (recommended): Use a rump kernel from -current sources on nb5.
   This is what I do.  It's not difficult, but not it's not a
   one-click solution yet either.  Basically you need to build and
   install src/sys/rump with a toolchain from -current.  Additionally,
   if you want to use the rump_xfs servers, you need a -current
   version of libpuffs, libukfs and libp2k.  I have more detailed
   instructions stashed somewhere, but they've not yet cleared beta
   testing.

b: Probably the following commit is missing from nb5.  If you want to
   apply, test, and pullup, I don't mind.

   http://mail-index.netbsd.org/source-changes/2009/04/16/msg219924.html

Unless you opt for "b", I'd like to close this PR.


Responsible-Changed-From-To: lib-bug-people->pooka
Responsible-Changed-By: pooka@NetBSD.org
Responsible-Changed-When: Wed, 07 Apr 2010 11:33:05 +0300
Responsible-Changed-Why:


State-Changed-From-To: analyzed->feedback
State-Changed-By: pooka@NetBSD.org
State-Changed-When: Wed, 07 Apr 2010 11:33:05 +0300
State-Changed-Why:
actually, this was supposed to go to feedback


From: Jed Davis <jld@panix.com>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: lib/43109 (rump_ffs does not enforce permissions)
Date: Sun, 11 Apr 2010 15:09:34 -0400

 I've successfully merged the patch in (b) into netbsd-5, and it does
 indeed seem to work.  (The rump_foo in -5 still aren't very usable,
 since they don't daemonize, and when I tried to make them daemonize
 I failed to find the place to do it such that it would actually work
 instead of making the parent spin on locking stuff in exit(), but that's
 mostly outside the scope of this ticket.)  I think I'll request a pullup
 for it anyway, just in case someone tries to use the -5 rump servers as
 provided.

 I do agree that (a) is a good thing to have and a better way to deal with
 this kind of thing in general.

From: Antti Kantee <pooka@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc: jld@panix.com
Subject: Re: lib/43109 (rump_ffs does not enforce permissions)
Date: Mon, 12 Apr 2010 17:30:18 +0300

 On Sun Apr 11 2010 at 19:10:05 +0000, Jed Davis wrote:
 >  I've successfully merged the patch in (b) into netbsd-5, and it does
 >  indeed seem to work.  (The rump_foo in -5 still aren't very usable,
 >  since they don't daemonize, and when I tried to make them daemonize
 >  I failed to find the place to do it such that it would actually work
 >  instead of making the parent spin on locking stuff in exit(), but that's
 >  mostly outside the scope of this ticket.)  I think I'll request a pullup
 >  for it anyway, just in case someone tries to use the -5 rump servers as
 >  provided.

 Did you use this?

 http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libp2k/p2k.c.diff?r1=1.5&r2=1.6

From: Jed Davis <jld@panix.com>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: lib/43109 (rump_ffs does not enforce permissions)
Date: Mon, 12 Apr 2010 13:22:45 -0400

 [failure to daemonize]
 >  http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libp2k/p2k.c.diff?r1=1.5&r2=1.6

 Yes, that's the one I tried applying.  I was doing this on a
 not-very-recent netbsd-5 image, so it's possible there's some unrelated
 compatibility issue causing the spinning in exit().  When I have a moment
 I'll try updating things and trying again.

From: Antti Kantee <pooka@NetBSD.org>
To: gnats-bugs@NetBSD.org
Cc: jld@panix.com
Subject: Re: lib/43109 (rump_ffs does not enforce permissions)
Date: Mon, 12 Apr 2010 21:24:48 +0300

 On Mon Apr 12 2010 at 17:25:02 +0000, Jed Davis wrote:
 >  [failure to daemonize]
 >  >  http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libp2k/p2k.c.diff?r1=1.5&r2=1.6
 >  
 >  Yes, that's the one I tried applying.  I was doing this on a
 >  not-very-recent netbsd-5 image, so it's possible there's some unrelated
 >  compatibility issue causing the spinning in exit().  When I have a moment
 >  I'll try updating things and trying again.

 Curious.  I can't recall ever seeing that kind of behaviour.

Responsible-Changed-From-To: pooka->jld
Responsible-Changed-By: pooka@NetBSD.org
Responsible-Changed-When: Mon, 31 May 2010 16:53:40 +0300
Responsible-Changed-Why:
Fixed in -current.  Submitter wanted to handle nb5 pullup.


State-Changed-From-To: feedback->open
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Mon, 23 Dec 2013 23:07:34 +0000
State-Changed-Why:
'feedback' is not the state that means 'awaiting pullup to netbsd-5'.


State-Changed-From-To: open->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sat, 19 Dec 2015 02:29:40 +0000
State-Changed-Why:
-5 is OEL
er, EOL


>Unformatted:

Home	PR Database Search