* [PATCH] nfsd: allow secinfo to bypass gss checks
@ 2011-06-30 18:47 J. Bruce Fields
0 siblings, 0 replies; only message in thread
From: J. Bruce Fields @ 2011-06-30 18:47 UTC (permalink / raw)
To: linux-nfs
Also planning to queue this up for 3.1.... Objections?
commit ea53eb9a87848610f1a2465881d8ef6ab6c62c59
Author: J. Bruce Fields <bfields@redhat.com>
Date: Wed Jun 29 18:33:11 2011 -0400
nfsd: allow secinfo to bypass gss checks
PUTFH+SECINFO should succeed and return a security list even when using
an authentication flavor not permitted on the given filehandle.
There's the risk of a small information leak here: as part of the
SECINFO, we have to do a lookup. If that lookup fails, we return the
error from that lookup instead of a secinfo list. That allows an
unprivileged user to answer the question "does a file named $x exist in
directory $d" by guessing a filehandle for $d and then sending a secinfo
request for $x and seeing whether or not they get NFS4ERR_NOENT.
To avoid that, we return secinfo for the parent in the NOENT case.
Reported-by: Olga Kornievskaia <aglo@citi.umich.edu>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index 96b6929..4f9c90b 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
@@ -762,19 +762,34 @@ nfsd4_secinfo(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate,
__be32 err;
fh_init(&resfh, NFS4_FHSIZE);
- err = fh_verify(rqstp, &cstate->current_fh, S_IFDIR, NFSD_MAY_EXEC);
+ err = fh_verify(rqstp, &cstate->current_fh, S_IFDIR,
+ NFSD_MAY_EXEC|NFSD_MAY_BYPASS_GSS);
if (err)
return err;
+ /*
+ * XXX: arguably we should do this with elevated privileges, to
+ * ensure consistent results regardless of the cred used by the
+ * client:
+ */
err = nfsd_lookup_dentry(rqstp, &cstate->current_fh,
secinfo->si_name, secinfo->si_namelen,
&exp, &dentry);
if (err)
return err;
if (dentry->d_inode == NULL) {
+ /*
+ * An nfserr_noent return would tell the rpc caller
+ * (who may be unprivileged) that a file by that name
+ * does not exist in this directory. That may be
+ * information we don't want to give out. So return
+ * secinfo list for the parent in that case instead of
+ * failing here.
+ */
exp_put(exp);
- err = nfserr_noent;
- } else
- secinfo->si_exp = exp;
+ exp = cstate->current_fh.fh_export;
+ exp_get(exp);
+ }
+ secinfo->si_exp = exp;
dput(dentry);
if (cstate->minorversion)
/* See rfc 5661 section 2.6.3.1.1.8 */
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2011-06-30 18:47 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-06-30 18:47 [PATCH] nfsd: allow secinfo to bypass gss checks J. Bruce Fields
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).