From pdp@nl.demon.net  Fri Oct 19 08:15:25 2001
Return-Path: <pdp@nl.demon.net>
Received: from hermes.mail.nl.demon.net (hermes.mail.nl.demon.net [194.159.72.197])
	by hub.freebsd.org (Postfix) with ESMTP id 8F1D137B401
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 19 Oct 2001 08:15:24 -0700 (PDT)
Received: from samhain.noc.nl.demon.net ([194.159.72.214])
	by hermes.mail.nl.demon.net with esmtp (Exim 3.31 #1)
	id 15ubMp-000LmP-00
	for FreeBSD-gnats-submit@freebsd.org; Fri, 19 Oct 2001 17:15:23 +0200
Received: by samhain.noc.nl.demon.net with local id 15ubMp-000DN9-00
	for FreeBSD-gnats-submit@freebsd.org; Fri, 19 Oct 2001 15:15:23 +0000
Message-Id: <E15ubMp-000DN9-00@samhain.noc.nl.demon.net>
Date: Fri, 19 Oct 2001 15:15:23 +0000
From: pdp@nl.demon.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: "cd .." at mount-point uses perms of dir under mount
X-Send-Pr-Version: 3.2

>Number:         31375
>Category:       kern
>Synopsis:       "cd .." at mount-point uses perms of dir under mount
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 19 08:20:00 PDT 2001
>Closed-Date:    Sat Oct 20 04:34:20 PDT 2001
>Last-Modified:  Sat Oct 20 04:40:01 PDT 2001
>Originator:     Phil Pennock
>Release:        FreeBSD 4.4-STABLE i386
>Organization:
Demon Internet Netherlands
>Environment:
System built to RELENG_4, cvsup'd 2001-10-17.
Kernel config available upon request.
Filesystems used are ufs.
>Description:
It appears that when determining where ".." is, in a directory which is
a mount-point, the file-permissions of the underlying directory are used,
rather than the permissions of the mounted directory.  See below for
evidence backing this analysis.

Found because it breaks /etc/periodic/weekly/310.locate

Note that the practice of "chmod 0 /a/mountpoint" is not unusual.

Workaround: change permissions of mountpoints
>How-To-Repeat:
# mkdir /d/mounthere
# touch /d/mounthere/NOTHING_MOUNTED_HERE
# chmod 0 /d/mounthere
[ have a relevant filesystem in /etc/fstab, or choose one ]
# mount /d/mounthere
# su -m nobody
$ cd /d/mounthere
$ pwd
/d/mounthere
$ ls -ld .
drwxr-xr-x  2 root  wheel  512 Oct 18 20:42 .
$ cd ..
cd: can't cd to ..
$ <control-D>
# umount /d/mounthere
# chmod 555 /d/mounthere
# mount /d/mounthere
# su -m nobody
$ cd /d/mounthere
$ cd ..
$ pwd
/d
$

>Fix:
Unknown
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: des 
State-Changed-When: Sat Oct 20 04:34:20 PDT 2001 
State-Changed-Why:  
Not a bug. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=31375 

From: Dag-Erling Smorgrav <des@ofug.org>
To: pdp@nl.demon.net
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: kern/31375: "cd .." at mount-point uses perms of dir under mount
Date: 20 Oct 2001 13:33:59 +0200

 pdp@nl.demon.net writes:
 > $ cd /d/mounthere
 > $ pwd
 > /d/mounthere
 > $ ls -ld .
 > drwxr-xr-x  2 root  wheel  512 Oct 18 20:42 .
 > $ cd ..
 > cd: can't cd to ..
 
 This is not a bug.  It happens because the fs you mounted on top of
 /d/mounthere doesn't know shit about the mountpoint or its parent, and
 has no way of returning a vnode to the mountpoint's parent, so (as a
 special case) you have to look up .. in the covered node instead of in
 the covering one.  The error here is in you removing read and search
 permission from the mountpoint.
 
 (another reason why .. must be special-cased is that it is meaningless
 for the root directory, and the one in the root directory of a chroot
 or jail must be hidden from some processes but not others - it
 wouldn't do to rely on the individual vfs to do this)
 
 > Workaround: change permissions of mountpoints
 
 Fix, not workaround.  The permissions of the covered node are *not*
 irrelevant; in some cases (like msdosfs) they even control the
 behaviour of the mounted filesystem.
 
 DES
 -- 
 Dag-Erling Smorgrav - des@ofug.org
>Unformatted:
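The special case described in the reply above, as an added toy model in C. It is not FreeBSD kernel source and not part of the original PR; the struct, field and function names are hypothetical, and only the "other" search bit is checked because the report runs as user nobody against root-owned directories.

```c
/* Toy model (added example, not FreeBSD source) of how ".." is resolved
 * at the root of a mounted filesystem. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <errno.h>

struct vnode {
    const char   *name;
    unsigned      mode;     /* permission bits, e.g. 0755 */
    struct vnode *parent;   /* ".." inside the same filesystem */
    struct vnode *covered;  /* non-NULL only for the root of a mounted fs */
};

/* Search (x) permission for "other", which is what user nobody gets here. */
static int can_search(const struct vnode *dir) { return (dir->mode & 0001) != 0; }

/* Resolve ".." from dir. Returns 0 and sets *out, or EACCES. */
int lookup_dotdot(struct vnode *dir, struct vnode **out)
{
    /* The mounted fs cannot name anything outside itself, so at its root
     * the lookup continues in the directory the mount covers. */
    if (dir->covered != NULL)
        dir = dir->covered;
    if (!can_search(dir))       /* checked on the covered directory */
        return EACCES;
    *out = dir->parent;
    return 0;
}

/* Reproduce the report: /d/mounthere covered with the given mode. */
int demo(unsigned covered_mode, const char **result)
{
    static struct vnode d, under, fsroot;
    d      = (struct vnode){ "/d", 0755, NULL, NULL };
    under  = (struct vnode){ "/d/mounthere (covered)", covered_mode, &d, NULL };
    fsroot = (struct vnode){ "/d/mounthere (fs root)", 0755, &fsroot, &under };
    struct vnode *up = NULL;
    int err = lookup_dotdot(&fsroot, &up);
    *result = err ? "EACCES" : up->name;
    return err;
}

int main(void)
{
    const char *r;
    demo(0000, &r); printf("covered 0000: cd .. -> %s\n", r);
    demo(0555, &r); printf("covered 0555: cd .. -> %s\n", r);
    return 0;
}
```

In the model, as in the report, the mounted root stays 0755 in both runs and only the mode of the covered directory changes the outcome.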
