ACK: [Natty] SRU: nfsd4: permit read opens of executable-only files
Tim Gardner
tim.gardner at canonical.com
Fri Dec 16 13:55:43 UTC 2011
On 12/16/2011 04:56 AM, Herton Ronaldo Krzesinski wrote:
> On Thu, Dec 15, 2011 at 02:31:39PM -0600, Chris J Arges wrote:
>> SRU Justification
>>
>> Impact:
>>
>> NFSv4 mount point does not allow binary files to run when permissions
>> are set to 111.
>>
>> Fix:
>>
>> Upstream commit a043226bc140a2c1dde162246d68a67e5043e6b2.
>> Applies with minor conflicts.
>>
>> Testcase:
>> Mount a directory using nfsv4. Inside that directory place a binary with
>> ---x--x--x permissions. Try to execute the binary. Without this patch it
>> will not execute.
>>
>> Notes:
>> This patch fixes this issue, but requires support from the nfs client as
>> well. The Natty version of the client will need additional fixes to
>> complete the fix. The upstream maintainer has verified that the kernel
>> is doing the right thing. http://comments.gmane.org/gmane.linux.nfs/43028
>>
>> Thanks,
>> --chris j arges
>
>> From c081b4c32ab604965c4d82438780b967f7c5ad62 Mon Sep 17 00:00:00 2001
>> From: "J. Bruce Fields"<bfields at redhat.com>
>> Date: Thu, 25 Aug 2011 10:48:39 -0400
>> Subject: [PATCH] nfsd4: permit read opens of executable-only files
>>
>> A client that wants to execute a file must be able to read it. Read
>> opens over nfs are therefore implicitly allowed for executable files
>> even when those files are not readable.
>>
>> NFSv2/v3 get this right by using a passed-in NFSD_MAY_OWNER_OVERRIDE on
>> read requests, but NFSv4 has gotten this wrong ever since
>> dc730e173785e29b297aa605786c94adaffe2544 "nfsd4: fix owner-override on
>> open", when we realized that the file owner shouldn't override
>> permissions on non-reclaim NFSv4 opens.
>>
>> So we can't use NFSD_MAY_OWNER_OVERRIDE to tell nfsd_permission to allow
>> reads of executable files.
>>
>> So, do the same thing we do whenever we encounter another weird NFS
>> permission nit: define yet another NFSD_MAY_* flag.
>>
>> The industry's future standardization on 128-bit processors will be
>> motivated primarily by the need for integers with enough bits for all
>> the NFSD_MAY_* flags.
>>
>> Reported-by: Leonardo Borda<leonardoborda at gmail.com>
>> Cc: stable at kernel.org
>> Signed-off-by: J. Bruce Fields<bfields at redhat.com>
>> (cherry picked from commit a043226bc140a2c1dde162246d68a67e5043e6b2)
>>
>> BugLink: http://bugs.launchpad.net/bugs/833300
>>
>> Conflicts:
>>
>> fs/nfsd/vfs.h
>>
>> Signed-off-by: Chris J Arges<chris.j.arges at canonical.com>
>> ---
>> fs/nfsd/nfs4proc.c | 2 ++
>> fs/nfsd/vfs.c | 3 ++-
>> fs/nfsd/vfs.h | 2 ++
>> 3 files changed, 6 insertions(+), 1 deletions(-)
>>
>> diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
>> index 5fcb139..2df5614 100644
>> --- a/fs/nfsd/nfs4proc.c
>> +++ b/fs/nfsd/nfs4proc.c
>> @@ -156,6 +156,8 @@ do_open_permission(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfs
>> !(open->op_share_access& NFS4_SHARE_ACCESS_WRITE))
>> return nfserr_inval;
>>
>> + accmode |= NFSD_MAY_READ_IF_EXEC;
>> +
>> if (open->op_share_access& NFS4_SHARE_ACCESS_READ)
>> accmode |= NFSD_MAY_READ;
>> if (open->op_share_access& NFS4_SHARE_ACCESS_WRITE)
>> diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
>> index 435f407..f0ee82a 100644
>> --- a/fs/nfsd/vfs.c
>> +++ b/fs/nfsd/vfs.c
>> @@ -2104,7 +2104,8 @@ nfsd_permission(struct svc_rqst *rqstp, struct svc_export *exp,
>>
>> /* Allow read access to binaries even when mode 111 */
>> if (err == -EACCES&& S_ISREG(inode->i_mode)&&
>> - acc == (NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE))
>> + (acc == (NFSD_MAY_READ | NFSD_MAY_OWNER_OVERRIDE) ||
>> + acc == (NFSD_MAY_READ | NFSD_MAY_READ_IF_EXEC)))
>> err = inode_permission(inode, MAY_EXEC);
>>
>> return err? nfserrno(err) : 0;
>> diff --git a/fs/nfsd/vfs.h b/fs/nfsd/vfs.h
>> index 9a370a5..dbe9ac1 100644
>> --- a/fs/nfsd/vfs.h
>> +++ b/fs/nfsd/vfs.h
>> @@ -21,6 +21,8 @@
>> #define NFSD_MAY_LOCAL_ACCESS 128 /* IRIX doing local access check on device special file*/
>> #define NFSD_MAY_BYPASS_GSS_ON_ROOT 256
>> #define NFSD_MAY_NOT_BREAK_LEASE 512
>> +#define NFSD_MAY_BYPASS_GSS 1024
>> +#define NFSD_MAY_READ_IF_EXEC 2048
>
> Any reason to also add NFSD_MAY_BYPASS_GSS?
>
> Also may be it would be good to settle the client situation on natty
> before, as the patch will not help currently.
>
>>
>> #define NFSD_MAY_CREATE (NFSD_MAY_EXEC|NFSD_MAY_WRITE)
>> #define NFSD_MAY_REMOVE (NFSD_MAY_EXEC|NFSD_MAY_WRITE|NFSD_MAY_TRUNC)
>> --
The patch does seem to have picked up a bit of cruft with
NFSD_MAY_BYPASS_GSS, but its harmless. It can be cleaned up when the
patch is applied.
Herton - I think the kernel has to be in place before user space can
work. This doesn't look like it'll cause any regression.
rtg
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list