public inbox for linux-nfs@vger.kernel.org
From: Bruce Fields <bfields@fieldses.org>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: 吴异 <wangzhibei1999@gmail.com>,
	"Linux NFS Mailing List" <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH] nfsd4: readdirplus shouldn't return parent of export
Date: Tue, 12 Jan 2021 08:50:50 -0500
Message-ID: <20210112135050.GA9248@fieldses.org>
In-Reply-To: <BF0A932D-82D7-4698-9BA6-2B5B709E7AE3@oracle.com>

On Tue, Jan 12, 2021 at 08:31:59AM -0500, Chuck Lever wrote:
> 
> 
> > On Jan 11, 2021, at 4:01 PM, J. Bruce Fields <bfields@fieldses.org> wrote:
> > 
> > From: "J. Bruce Fields" <bfields@redhat.com>
> > 
> > If you export a subdirectory of a filesystem, a READDIRPLUS on the root
> > of that export will return the filehandle of the parent with the ".."
> > entry.
> > 
> > The filehandle is optional, so let's just not return the filehandle for
> > ".." if we're at the root of an export.
> > 
> > Note that once the client learns one filehandle outside of the export,
> > they can trivially access the rest of the export using further lookups.
> > 
> > However, it is also not very difficult to guess filehandles outside of
> > the export.  So exporting a subdirectory of a filesystem should
> > be considered equivalent to providing access to the entire filesystem.  To
> > avoid confusion, we recommend only exporting entire filesystems.
> > 
> > Reported-by: 吴异 <wangzhibei1999@gmail.com>
> > Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> > ---
> > fs/nfsd/nfs3xdr.c | 7 ++++++-
> > 1 file changed, 6 insertions(+), 1 deletion(-)
> > 
> > diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
> > index 821db21ba072..34b880211e5e 100644
> > --- a/fs/nfsd/nfs3xdr.c
> > +++ b/fs/nfsd/nfs3xdr.c
> > @@ -865,9 +865,14 @@ compose_entry_fh(struct nfsd3_readdirres *cd, struct svc_fh *fhp,
> > 	if (isdotent(name, namlen)) {
> > 		if (namlen == 2) {
> > 			dchild = dget_parent(dparent);
> > -			/* filesystem root - cannot return filehandle for ".." */
> > +			/*
> > +			 * Don't return filehandle for ".." if we're at
> > OA+			 * the filesystem or export root:
> > +			 */
> > 			if (dchild == dparent)
> > 				goto out;
> > +			if (dparent == exp->ex_path.dentry)
> > +				goto out;
> > 		} else
> > 			dchild = dget(dparent);
> > 	} else
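
Review bot: the comment line reading "the filesystem or export root:" carries a stray "OA" in front of its `+` marker, so the hunk does not apply as posted and needs a plain `+` there. The added test `dparent == exp->ex_path.dentry` does not use `dchild`, so it could sit before `dget_parent(dparent)` and avoid taking a reference only to drop it again; as written, both early exits depend on the `out` label releasing `dchild`, which is outside the visible context. The subject prefix says nfsd4 while the change is in fs/nfsd/nfs3xdr.c, so "nfsd:" or "nfsd3:" would match the file.
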
> > -- 
> > 2.29.2
> 
> Thanks for the fix!
> 
> I've replaced the Reported-by: tag and pushed this to my
> cel-next topic branch, and intend to submit it with the
> next 5.11 -rc pull request. See:
> 
> https://git.linux-nfs.org/?p=cel/cel-2.6.git;a=shortlog;h=refs/heads/cel-next
> 
> Is there additional context that should be added? A Link:
> tag that points to the discussion on security@ perhaps?

I don't think so.

I guess it should get a stable cc: too.

> Note there was some damage in the patch body: there's a
> spurious "OA" in the hunk that had to be removed before
> the patch would apply.

Whoops, apologies, I'm not sure how that happened....

--b.
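
The quoted commit message recommends exporting only entire filesystems. One way to audit an exports(5) file against that advice, as an added example that is not part of this thread or of the nfsd code; the function names, the sample file and the sample set of filesystem roots are assumptions made for illustration:

```python
import os
import re

# Constructed sample in exports(5) syntax (not taken from the thread).
SAMPLE_EXPORTS = """\
# constructed sample
/srv/data          192.0.2.0/24(rw,sync)
/srv/data/projects 192.0.2.0/24(ro) \\
                   198.51.100.7(rw)
"/srv/shared\\040docs" *(ro)
"""
# Constructed stand-in for the real mount table: paths that are filesystem roots.
SAMPLE_FS_ROOTS = {"/srv/data"}


def exported_paths(text):
    """Yield the directory named by each entry of exports(5) text."""
    text = text.replace("\\\n", " ")            # backslash-newline continues an entry
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        if line.startswith('"'):                # path may be double-quoted
            path = line[1:].split('"', 1)[0]
        else:
            path = line.split()[0]
        # \ooo octal escapes stand for characters such as spaces
        yield re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)


def subdirectory_exports(text, is_fs_root=os.path.ismount):
    """Return exported paths that are not the root of a filesystem.

    os.path.ismount compares the device of a path with that of its parent, so
    a bind mount within one filesystem is still reported here as a subdirectory.
    """
    return [p for p in exported_paths(text) if not is_fs_root(p)]


if __name__ == "__main__":
    for p in subdirectory_exports(SAMPLE_EXPORTS, SAMPLE_FS_ROOTS.__contains__):
        print(f"{p}: exports a subdirectory; treat the whole filesystem as exposed")
```

On a server, call `subdirectory_exports(open("/etc/exports").read())` to use the live mount table instead of the sample set.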
