NetBSD Problem Report #28479
From gdt@ir.bbn.com Tue Nov 30 17:18:21 2004
Return-Path: <gdt@ir.bbn.com>
Received: from fnord.ir.bbn.com (fnord.ir.bbn.com [192.1.100.210])
by narn.netbsd.org (Postfix) with ESMTP id 0BF9A251F14
for <gnats-bugs@gnats.NetBSD.org>; Tue, 30 Nov 2004 17:18:21 +0000 (UTC)
Message-Id: <20041130171815.0FB492026@fnord.ir.bbn.com>
Date: Tue, 30 Nov 2004 12:18:15 -0500 (EST)
From: gdt@ir.bbn.com
Reply-To: gdt@ir.bbn.com
To: gnats-bugs@netbsd.org
Subject: pkgsrc/security/cfs opens ciphertext for write on read of plaintext
X-Send-Pr-Version: 3.95
>Number: 28479
>Category: pkg
>Synopsis: pkgsrc/security/cfs opens ciphertext for write on read of plaintext
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Nov 30 17:21:00 +0000 2004
>Closed-Date: Mon Mar 21 18:09:46 +0000 2005
>Last-Modified: Mon Mar 21 18:09:46 +0000 2005
>Originator: Greg Troxel
>Release: NetBSD 2.0_RC4
>Organization:
Greg Troxel <gdt@ir.bbn.com>
>Environment:
System: NetBSD fnord.ir.bbn.com 2.0_RC4 NetBSD 2.0_RC4 (SINEW) #33: Wed Oct 20 08:09:03 EDT 2004 root@poblano.ir.bbn.com:/n0/obj/sinew/gdt/i386/sys/arch/i386/compile/SINEW i386
Architecture: i386
Machine: i386
>Description:
[CFS (pkgsrc/security/cfs) keeps ciphertext in the filesystem and
provides a plaintext interface via NFS. Each file operation is
translated to the underlying ciphertext filesystem.]
When reading the plaintext file, CFS opens the ciphertext read-write.
This is probably a workaround for some ancient system. With ffs, the
sequence [open-for-write, read*, close] does not result in the file
being modified.
When using Coda to store ciphertext, this sequence results in a
"Store" operation when the file is closed. This combination of
behaviors is dysfunctional, since reading files while disconnected is
normal with Coda. Writing files is also normal, but the read->write
conversion means that reading the same file on multiple disconnected
systems will result in an eventual write-write conflict when the
disconnected sessions are reintegrated, rather than read-read, which
isn't a conflict at all.
Even when connected, this results in extra store traffic, and the
open-for-write gets an exclusive lock, requiring calling in all the
read (shared) locks on the file.
I reported this to the Coda folks, but it isn't likely to be fixed
soon, since "well, the file was opened for write", and fixing this
would be hard - the lock would have to be upgraded on the first actual
write, and there would perhaps have to be a new "abandon write of file
w/o writing" operation.
CFS is highly useful for privacy on coda, and coda is useful for
disconnected/thin pipe operation. Without the change below, cfs on
coda is almost unusable unless one is never disconncted and always has
~1 Mb/s or more to the server.
>How-To-Repeat:
Create a cfs ciphertext directory in Coda.
Create a few files in cfs.
(or
(begin
Go disconnected.
Read a file in coda (or two - cfs also has a cache).
Checkpoint coda's modification log, and examine it.)
(begin
Ensure coda is connected.
Run 'codacon'.
Read a file or two.
Observe the Store operations.))
>Fix:
Apply attached patch to pkgsrc. This removes the logic that says
"even if opening plaintext for read, open ciphertext for write
anyway".
I have been using this patch for several years, with cfs ciphertext
both in ffs and in Coda. There are some residual issues (the caches
in cfs are not invalidated properly; this hurts more on coda, and with
emacs' clash-detection symlinks), but this patch has not caused me any
problems.
Index: Makefile
===================================================================
RCS file: /NETBSD-CVS/pkgsrc/security/cfs/Makefile,v
retrieving revision 1.19
diff -u -r1.19 Makefile
--- Makefile 3 Aug 2004 04:35:42 -0000 1.19
+++ Makefile 30 Nov 2004 16:22:26 -0000
@@ -1,7 +1,7 @@
# $NetBSD: Makefile,v 1.19 2004/08/03 04:35:42 tv Exp $
DISTNAME= cfs-1.4.1
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= security
MASTER_SITES= http://www.crypto.com/software/
Index: distinfo
===================================================================
RCS file: /NETBSD-CVS/pkgsrc/security/cfs/distinfo,v
retrieving revision 1.7
diff -u -r1.7 distinfo
--- distinfo 2 Aug 2004 17:09:06 -0000 1.7
+++ distinfo 30 Nov 2004 16:22:26 -0000
@@ -9,3 +9,4 @@
SHA1 (patch-ae) = 68b440cda27353d1035bae3002a83d8131087a24
SHA1 (patch-af) = 19bbedcf0c37356dab747087c64617608ff91838
SHA1 (patch-ag) = b9563e2bbade9008d044b9b869822013317f118d
+SHA1 (patch-ah) = 6426888cf462fcd4c0245cb32ae78b7520aaf2d5
Index: patches/patch-ah
===================================================================
RCS file: patches/patch-ah
diff -N patches/patch-ah
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-ah 30 Nov 2004 16:22:26 -0000
@@ -0,0 +1,14 @@
+$NetBSD$
+
+--- cfs_fh.c.orig 2004-11-30 11:19:25.000000000 -0500
++++ cfs_fh.c
+@@ -547,7 +547,9 @@ fhtofd(f,mode)
+ openfd=NULL;
+ }
+
++#if 0
+ if (mode==0) { mode=CFS_WRITE; }
++#endif
+ /* Phil Karn's hack for R/O file systems */
+ if ((fd=open(f->name,mode,0))<0 && errno == EROFS) {
+ mode = CFS_READ; /* Force read and try again */
>Release-Note:
>Audit-Trail:
From: Thomas Klausner <wiz@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: PR/28479 CVS commit: pkgsrc/security/cfs
Date: Mon, 21 Mar 2005 18:08:31 +0000 (UTC)
Module Name: pkgsrc
Committed By: wiz
Date: Mon Mar 21 18:08:31 UTC 2005
Modified Files:
pkgsrc/security/cfs: Makefile distinfo
Added Files:
pkgsrc/security/cfs/patches: patch-ah
Log Message:
Do not open files opened for reading in RW mode. Helps in using
cfs over coda. From Greg Troxel in PR 28479. PKGREVISION++
To generate a diff of this commit:
cvs rdiff -r1.22 -r1.23 pkgsrc/security/cfs/Makefile
cvs rdiff -r1.8 -r1.9 pkgsrc/security/cfs/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/security/cfs/patches/patch-ah
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: wiz@netbsd.org
State-Changed-When: Mon, 21 Mar 2005 18:09:46 +0000
State-Changed-Why:
Committed, thanks!
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.