From vladimir@math.uic.edu Thu Nov  4 12:57:33 1999
Return-Path: <vladimir@math.uic.edu>
Received: from galileo.math.uic.edu (galileo.math.uic.edu [131.193.179.162])
	by hub.freebsd.org (Postfix) with SMTP id 552C415142
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  4 Nov 1999 12:57:28 -0800 (PST)
	(envelope-from vladimir@math.uic.edu)
Received: (qmail 38653 invoked by uid 31415); 4 Nov 1999 20:56:36 -0000
Message-Id: <19991104205636.38652.qmail@galileo.math.uic.edu>
Date: 4 Nov 1999 20:56:36 -0000
From: vladimir@math.uic.edu
Reply-To: vladimir@math.uic.edu
To: FreeBSD-gnats-submit@freebsd.org
Subject: problems with access bits on NFS mounted directories, nfs vers 2
X-Send-Pr-Version: 3.2

>Number:         14712
>Category:       kern
>Synopsis:       [nfs] root has access to NFS mounted directories with maproot=nobody
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    remko
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov  4 13:00:01 PST 1999
>Closed-Date:    Sat Jan 27 19:00:31 GMT 2007
>Last-Modified:  Sat Jan 27 19:00:31 GMT 2007
>Originator:     Vladimir V. Egorin
>Release:        FreeBSD 3.3-STABLE i386
>Organization:
University of Illinois at Chicago, Department of Mathematics
>Environment:

NFS server running FreeBSD 3.3-STABLE. NFS client running Solaris 7
(the same problem is reproducible on Linux machines).

>Description:

Root on a client is allowed to list the directory contents, even if
the mode of the directory is 711. The directory is NFS-mounted
using NFS vers. 2.

>How-To-Repeat:

galileo: BSD NFS server 
galois: NFS client (solaris 7)
On galileo:
$ ls -ld /export/4/magma
drwx--x--x  7 magma  math  512 Nov  1 15:36 /export/4/magma/

On galois:

# mount -o vers=2 galileo:/export/4 /mnt
# ls /mnt/magma
LAB_HOME/     Magma2.3/     Magma2.6/     public_html@
Magma2.2/     Magma2.4/     Mailbox
# umount /mnt 
# mount -o vers=3 galileo:/export/4 /mnt
# ls /mnt/magma
/mnt/magma: Permission denied

An NFS version 3 mount produces the expected results. With NFS v.2,
root is allowed to access the directory.




>Fix:
	
	Don't know. I also have 2 Linux clients mounting directories
from the same server. Root on one of them has access to restricted
directories, on the other it has no access (kernels have different versions).

I'll be happy to provide tcpdump output of NFS packets and any other
additional information.


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: mike 
State-Changed-When: Fri Jul 20 19:32:27 PDT 2001 
State-Changed-Why:  

Does this problem still occur in newer versions of FreeBSD, 
such as 4.3-RELEASE? 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=14712 

From: Mike Barcroft <mike@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/14712: root has access to NFS mounted directories with maproot=nobody
Date: Sat, 21 Jul 2001 13:23:29 -0400

 Adding to Audit-Trail.
 
 On Sat, Jul 21, 2001 at 09:59:54AM -0500, Vladimir V. Egorin wrote:
 > On Fri, Jul 20, 2001 at 07:32:47PM -0700, mike@FreeBSD.org wrote:
 > 	> Synopsis: root has access to NFS mounted directories with maproot=nobody
 > 	> 
 > 	> State-Changed-From-To: open->feedback
 > 	> State-Changed-By: mike
 > 	> State-Changed-When: Fri Jul 20 19:32:27 PDT 2001
 > 	> State-Changed-Why: 
 > 	> 
 > 	> Does this problem still occur in newer versions of FreeBSD,
 > 	> such as 4.3-RELEASE?
 > 	> 
 > 	> http://www.FreeBSD.org/cgi/query-pr.cgi?pr=14712
 > 
 > The problem is still there:
 > 
 > On the NFS server:
 > # ls -ld /var/test
 > drwx--x--x  2 root  wheel  512 Jul 21 09:55 /var/test
 > # touch /var/test/file
 > 
 > On the NFS server:
 > /var is shared: (/etc/exports)
 > /var -maproot=nobody
 > 
 > 
 > On the client:
 > 
 > # mount -o vers=3 hopper:/var /mnt
 > # ls /mnt/test
 > /mnt/test: Permission denied
 > 
 > 
 > # umount /mnt
 > # mount -o vers=2 hopper:/var /mnt
 > # ls /mnt/test
 > file
 > 
 > Please let me know if you need any debugging help.
 > -- 
 > Vladimir

From: Mike Barcroft <mike@FreeBSD.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: kern/14712: root has access to NFS mounted directories with maproot=nobody
Date: Sat, 21 Jul 2001 13:24:31 -0400

 Adding to Audit-Trail.
 
 On Sat, Jul 21, 2001 at 10:02:23AM -0500, Vladimir V. Egorin wrote:
 > Forgot to add: the system (NFS server) is running 
 > 4.3-STABLE (cvsup'ed on Jun 5).
 > 
 > 
 > -- 
 > Vladimir
Responsible-Changed-From-To: freebsd-bugs->iedowse 
Responsible-Changed-By: mike 
Responsible-Changed-When: Sat Jul 21 10:32:36 PDT 2001 
Responsible-Changed-Why:  

Sending PR to Ian Dowse <iedowse@FreeBSD.org>.  Ian, I'm hoping you'll 
be able to solve this longstanding problem with NFS. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=14712 
State-Changed-From-To: feedback->analyzed 
State-Changed-By: mike 
State-Changed-When: Sat Jul 21 10:35:34 PDT 2001 
State-Changed-Why:  

Originator's comments are in the Audit-Trail. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=14712 
State-Changed-From-To: analyzed->feedback 
State-Changed-By: remko 
State-Changed-When: Sat Dec 30 11:22:23 UTC 2006 
State-Changed-Why:  
Hello, is nfsv2 still in use? 


Responsible-Changed-From-To: iedowse->remko 
Responsible-Changed-By: remko 
Responsible-Changed-When: Sat Dec 30 11:22:23 UTC 2006 
Responsible-Changed-Why:  
Grab the PR to get feedback. I noticed the behaviour is still there,
probably because of lacking information in v2 (which is there in v3
and later).

http://www.freebsd.org/cgi/query-pr.cgi?pr=14712 
State-Changed-From-To: feedback->closed 
State-Changed-By: remko 
State-Changed-When: Sat Jan 27 19:00:29 UTC 2007 
State-Changed-Why:  
feedback timeout 

http://www.freebsd.org/cgi/query-pr.cgi?pr=14712 
>Unformatted:
 Vladimir V. Egorin
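
Added example (not part of the original problem report and not FreeBSD code): the report shows the mode 711 restriction being enforced under vers=3 but not under vers=2, so a practical client-side check is to list NFS mounts still negotiated at version 2. The Linux /proc/mounts layout, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Flag NFS mounts that use protocol version 2.
# Assumed input format (Linux /proc/mounts):
#   device mountpoint fstype options dump pass

# find_nfsv2_mounts: read a mount table on stdin and print
# "device mountpoint" for each NFS mount whose option list contains
# exactly vers=2 or nfsvers=2 (the spelling also accepted in fstab).
find_nfsv2_mounts() {
    awk '
        $3 == "nfs" {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) {
                # Compare whole options so that a path or another
                # option that merely contains "vers=2" is not matched.
                if (opt[i] == "vers=2" || opt[i] == "nfsvers=2") {
                    print $1, $2
                    break
                }
            }
        }
    '
}

# Constructed sample mount table; host names reuse those in the report.
sample_mounts() {
    cat <<'EOF'
galileo:/export/4 /mnt nfs rw,vers=2,rsize=8192,wsize=8192,hard,proto=udp 0 0
hopper:/var /data nfs rw,vers=3,rsize=32768,wsize=32768,hard,proto=tcp 0 0
/dev/sda1 / ext4 rw,relatime 0 0
hopper:/home /home nfs rw,nfsvers=2,hard 0 0
backup:/vers=2 /backup nfs rw,vers=3,hard 0 0
EOF
}

# Demonstration on the sample; for a real audit run
#   find_nfsv2_mounts < /proc/mounts
sample_mounts | find_nfsv2_mounts
```

Mounts it reports can be remounted with vers=3, which in the report's tests returned "Permission denied" for the restricted directory.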
