From danny@cs.huji.ac.il  Tue Jan  7 12:37:55 2014
Return-Path: <danny@cs.huji.ac.il>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1])
	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by hub.freebsd.org (Postfix) with ESMTPS id B634D9E4
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  7 Jan 2014 12:37:55 +0000 (UTC)
Received: from kabab.cs.huji.ac.il (kabab.cs.huji.ac.il [132.65.116.12])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.freebsd.org (Postfix) with ESMTPS id 682881359
	for <FreeBSD-gnats-submit@freebsd.org>; Tue,  7 Jan 2014 12:37:55 +0000 (UTC)
Received: from rnd.cs.huji.ac.il ([132.65.80.8])
	by kabab.cs.huji.ac.il with esmtp
	id 1W0Vuq-000AQH-P5
	for FreeBSD-gnats-submit@freebsd.org; Tue, 07 Jan 2014 14:37:52 +0200
Received: from danny by rnd.cs.huji.ac.il with local (Exim 4.82 (FreeBSD))
	(envelope-from <danny@cs.huji.ac.il>)
	id 1W0Vuq-000PJQ-Ob
	for FreeBSD-gnats-submit@freebsd.org; Tue, 07 Jan 2014 14:37:52 +0200
Message-Id: <E1W0Vuq-000PJQ-Ob@rnd.cs.huji.ac.il>
Date: Tue, 07 Jan 2014 14:37:52 +0200
From: Daniel Braniss <danny@cs.huji.ac.il>
Reply-To: Daniel Braniss <danny@cs.huji.ac.il>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: rsh failes if home dir is closed and access is via NFS
X-Send-Pr-Version: 3.114
X-GNATS-Notify:

>Number:         185551
>Category:       kern
>Synopsis:       [libc] [patch] rsh(1) fails if home dir is closed and access is via NFS
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 07 12:40:00 UTC 2014
>Closed-Date:    
>Last-Modified:  Wed Apr 16 01:10:47 UTC 2014
>Originator:     Daniel Braniss
>Release:        FreeBSD 9.2-STABLE amd64
>Organization:
>Environment:
System: FreeBSD rnd 9.2-STABLE FreeBSD 9.2-STABLE #63: Fri Oct 18 09:53:29 IDT 2013 danny@rnd:/home/obj/rnd/r+d/stable/9/sys/HUJI amd64

	also on 10.
	
>Description:
	when the home directory of a user is open only to the owner,
	rsh will fail it's mounted via NFS, the  and the host has no root
	permition.
	The problem was diagnosed by Tomer Kleiner <mandor@cs.huji.ac.il>

>How-To-Repeat:
	chmod 700 ~
	rsh some-host-without-root-permitions
>Fix:
	this is not optimal but does fix the problem

diff -r f66afda58cc9 lib/libc/net/rcmd.c
--- a/lib/libc/net/rcmd.c	Sat Jan 04 09:12:21 2014 +0200
+++ b/lib/libc/net/rcmd.c	Mon Jan 06 13:15:01 2014 +0200
@@ -447,6 +447,7 @@
 	FILE *hostf;
 	uid_t uid;
 	int first;
+	int hostlstat;
 	char pbuf[MAXPATHLEN];
 	const struct sockaddr *raddr;
 	struct sockaddr_storage ss;
@@ -482,6 +483,7 @@
 		uid = geteuid();
 		(void)seteuid(pwd->pw_uid);
 		hostf = fopen(pbuf, "r");
+		hostlstat = lstat(pbuf, &sbuf);
 		(void)seteuid(uid);
 
 		if (hostf == NULL)
@@ -491,7 +493,7 @@
 		 * user or root or if writeable by anyone but the owner, quit.
 		 */
 		cp = NULL;
-		if (lstat(pbuf, &sbuf) < 0)
+		if (hostlstat < 0)
 			cp = ".rhosts lstat failed";
 		else if (!S_ISREG(sbuf.st_mode))
 			cp = ".rhosts not regular file";
>Release-Note:
>Audit-Trail:
>Unformatted:
