* nfsd patches for 2.6.29
@ 2009-03-18 16:21 J. Bruce Fields
2009-03-18 16:21 ` [PATCH] NFSD: provide encode routine for OP_OPENATTR J. Bruce Fields
0 siblings, 1 reply; 7+ messages in thread
From: J. Bruce Fields @ 2009-03-18 16:21 UTC (permalink / raw)
To: Linus Torvalds; +Cc: linux-nfs, linux-kernel, Igor Zhbanov, Serge Hallyn
The following bugfixes are also available from the for-2.6.29 git
repository at:
git://linux-nfs.org/~bfields/linux.git for-2.6.29
The CAP_MKNOD change should really go into CAP_FS_MASK, but that will be
a user-visible change, and some more deliberation may be required to be
sure we have CAP_FS_MASK exactly right; so I prefer to go ahead with the
one obvious nfsd-specific change now.
--b.
Benny Halevy (1):
NFSD: provide encode routine for OP_OPENATTR
J. Bruce Fields (1):
nfsd: nfsd should drop CAP_MKNOD for non-root
fs/nfsd/nfs4xdr.c | 1 +
include/linux/capability.h | 6 ++++--
2 files changed, 5 insertions(+), 2 deletions(-)
^ permalink raw reply [flat|nested] 7+ messages in thread* [PATCH] NFSD: provide encode routine for OP_OPENATTR 2009-03-18 16:21 nfsd patches for 2.6.29 J. Bruce Fields @ 2009-03-18 16:21 ` J. Bruce Fields 2009-03-18 16:21 ` [PATCH] nfsd: nfsd should drop CAP_MKNOD for non-root J. Bruce Fields 0 siblings, 1 reply; 7+ messages in thread From: J. Bruce Fields @ 2009-03-18 16:21 UTC (permalink / raw) To: Linus Torvalds Cc: linux-nfs, linux-kernel, Igor Zhbanov, Serge Hallyn, Benny Halevy, stable, J. Bruce Fields From: Benny Halevy <bhalevy@panasas.com> Although this operation is unsupported by our implementation we still need to provide an encode routine for it to merely encode its (error) status back in the compound reply. Thanks for Bill Baker at sun.com for testing with the Sun OpenSolaris' client, finding, and reporting this bug at Connectathon 2009. This bug was introduced in 2.6.27 Signed-off-by: Benny Halevy <bhalevy@panasas.com> Cc: stable@kernel.org Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> --- fs/nfsd/nfs4xdr.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index f65953b..9250067 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2596,6 +2596,7 @@ static nfsd4_enc nfsd4_enc_ops[] = { [OP_LOOKUPP] = (nfsd4_enc)nfsd4_encode_noop, [OP_NVERIFY] = (nfsd4_enc)nfsd4_encode_noop, [OP_OPEN] = (nfsd4_enc)nfsd4_encode_open, + [OP_OPENATTR] = (nfsd4_enc)nfsd4_encode_noop, [OP_OPEN_CONFIRM] = (nfsd4_enc)nfsd4_encode_open_confirm, [OP_OPEN_DOWNGRADE] = (nfsd4_enc)nfsd4_encode_open_downgrade, [OP_PUTFH] = (nfsd4_enc)nfsd4_encode_noop, -- 1.6.0.4 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* [PATCH] nfsd: nfsd should drop CAP_MKNOD for non-root 2009-03-18 16:21 ` [PATCH] NFSD: provide encode routine for OP_OPENATTR J. Bruce Fields @ 2009-03-18 16:21 ` J. Bruce Fields 2009-03-18 17:08 ` Serge E. Hallyn 2009-03-18 22:21 ` James Morris 0 siblings, 2 replies; 7+ messages in thread From: J. Bruce Fields @ 2009-03-18 16:21 UTC (permalink / raw) To: Linus Torvalds Cc: linux-nfs, linux-kernel, Igor Zhbanov, Serge Hallyn, J. Bruce Fields, stable From: J. Bruce Fields <bfields@citi.umich.edu> Since creating a device node is normally an operation requiring special privilege, Igor Zhbanov points out that it is surprising (to say the least) that a client can, for example, create a device node on a filesystem exported with root_squash. So, make sure CAP_MKNOD is among the capabilities dropped when an nfsd thread handles a request from a non-root user. Reported-by: Igor Zhbanov <izh1979@gmail.com> Cc: stable@kernel.org Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> --- include/linux/capability.h | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/include/linux/capability.h b/include/linux/capability.h index 1b98725..4864a43 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h @@ -393,8 +393,10 @@ struct cpu_vfs_cap_data { # define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }}) # define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }}) # define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } }) -# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \ - CAP_FS_MASK_B1 } }) +# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \ + | CAP_TO_MASK(CAP_SYS_RESOURCE) \ + | CAP_TO_MASK(CAP_MKNOD), \ + CAP_FS_MASK_B1 } }) #endif /* _KERNEL_CAPABILITY_U32S != 2 */ -- 1.6.0.4 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] nfsd: nfsd should drop CAP_MKNOD for non-root 2009-03-18 16:21 ` [PATCH] nfsd: nfsd should drop CAP_MKNOD for non-root J. Bruce Fields @ 2009-03-18 17:08 ` Serge E. Hallyn 2009-03-18 17:32 ` J. Bruce Fields 2009-03-18 22:21 ` James Morris 1 sibling, 1 reply; 7+ messages in thread From: Serge E. Hallyn @ 2009-03-18 17:08 UTC (permalink / raw) To: J. Bruce Fields Cc: Linus Torvalds, linux-nfs, linux-kernel, Igor Zhbanov, J. Bruce Fields, stable Quoting J. Bruce Fields (bfields@fieldses.org): > From: J. Bruce Fields <bfields@citi.umich.edu> > > Since creating a device node is normally an operation requiring special > privilege, Igor Zhbanov points out that it is surprising (to say the > least) that a client can, for example, create a device node on a > filesystem exported with root_squash. > > So, make sure CAP_MKNOD is among the capabilities dropped when an nfsd > thread handles a request from a non-root user. > > Reported-by: Igor Zhbanov <izh1979@gmail.com> > Cc: stable@kernel.org > Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Acked-by: Serge Hallyn <serue@us.ibm.com> I assume CAP_LINUX_IMMUTABLE simply does not apply to nfs? And, you're adding CAP_FS_MASK_B1 in anticipation of labeled nfs? Though, I was going to send a patch later today or tomorrow (figure I should do some ltp testing) adding CAP_MKNOD to the whole CAP_FS_MASK_B0 (and CAP_LINUX_IMMUTABLE and CAP_FS_MASK_B1 to CAP_FS_SET). That will conflict with this one. thanks, -serge > --- > include/linux/capability.h | 6 ++++-- > 1 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/include/linux/capability.h b/include/linux/capability.h > index 1b98725..4864a43 100644 > --- a/include/linux/capability.h > +++ b/include/linux/capability.h > @@ -393,8 +393,10 @@ struct cpu_vfs_cap_data { > # define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }}) > # define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }}) > # define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } }) > -# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \ > - CAP_FS_MASK_B1 } }) > +# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \ > + | CAP_TO_MASK(CAP_SYS_RESOURCE) \ > + | CAP_TO_MASK(CAP_MKNOD), \ > + CAP_FS_MASK_B1 } }) > > #endif /* _KERNEL_CAPABILITY_U32S != 2 */ > > -- > 1.6.0.4 ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] nfsd: nfsd should drop CAP_MKNOD for non-root 2009-03-18 17:08 ` Serge E. Hallyn @ 2009-03-18 17:32 ` J. Bruce Fields 2009-03-18 20:31 ` Igor Zhbanov 0 siblings, 1 reply; 7+ messages in thread From: J. Bruce Fields @ 2009-03-18 17:32 UTC (permalink / raw) To: Serge E. Hallyn Cc: Linus Torvalds, linux-nfs, linux-kernel, Igor Zhbanov, stable On Wed, Mar 18, 2009 at 12:08:43PM -0500, Serge E. Hallyn wrote: > Quoting J. Bruce Fields (bfields@fieldses.org): > > From: J. Bruce Fields <bfields@citi.umich.edu> > > > > Since creating a device node is normally an operation requiring special > > privilege, Igor Zhbanov points out that it is surprising (to say the > > least) that a client can, for example, create a device node on a > > filesystem exported with root_squash. > > > > So, make sure CAP_MKNOD is among the capabilities dropped when an nfsd > > thread handles a request from a non-root user. > > > > Reported-by: Igor Zhbanov <izh1979@gmail.com> > > Cc: stable@kernel.org > > Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> > > Acked-by: Serge Hallyn <serue@us.ibm.com> > > I assume CAP_LINUX_IMMUTABLE simply does not apply to nfs? Right. We shouldn't care how it's set. > And, you're adding CAP_FS_MASK_B1 in anticipation of labeled nfs? That's unchanged (would have been clearer if I hadn't re-line-wrapped in the same patch). > Though, I was going to send a patch later today or tomorrow (figure I > should do some ltp testing) adding CAP_MKNOD to the whole > CAP_FS_MASK_B0 (and CAP_LINUX_IMMUTABLE and CAP_FS_MASK_B1 to > CAP_FS_SET). That will conflict with this one. OK, feel free to revert this at that point if necessary. --b. > > thanks, > -serge > > > --- > > include/linux/capability.h | 6 ++++-- > > 1 files changed, 4 insertions(+), 2 deletions(-) > > > > diff --git a/include/linux/capability.h b/include/linux/capability.h > > index 1b98725..4864a43 100644 > > --- a/include/linux/capability.h > > +++ b/include/linux/capability.h > > @@ -393,8 +393,10 @@ struct cpu_vfs_cap_data { > > # define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }}) > > # define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }}) > > # define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } }) > > -# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \ > > - CAP_FS_MASK_B1 } }) > > +# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \ > > + | CAP_TO_MASK(CAP_SYS_RESOURCE) \ > > + | CAP_TO_MASK(CAP_MKNOD), \ > > + CAP_FS_MASK_B1 } }) > > > > #endif /* _KERNEL_CAPABILITY_U32S != 2 */ > > > > -- > > 1.6.0.4 ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] nfsd: nfsd should drop CAP_MKNOD for non-root 2009-03-18 17:32 ` J. Bruce Fields @ 2009-03-18 20:31 ` Igor Zhbanov 0 siblings, 0 replies; 7+ messages in thread From: Igor Zhbanov @ 2009-03-18 20:31 UTC (permalink / raw) To: J. Bruce Fields Cc: Serge E. Hallyn, Linus Torvalds, linux-nfs, linux-kernel, stable That's good and I'm glad to see patch for CAP_NFSD_MASK in git. Thanks. :-) Waiting for CAP_FS_MASK to be fixed too. By the way, I don't see git repository for 2.4.x kernel. Could you fix 2.4.x too? ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] nfsd: nfsd should drop CAP_MKNOD for non-root 2009-03-18 16:21 ` [PATCH] nfsd: nfsd should drop CAP_MKNOD for non-root J. Bruce Fields 2009-03-18 17:08 ` Serge E. Hallyn @ 2009-03-18 22:21 ` James Morris 1 sibling, 0 replies; 7+ messages in thread From: James Morris @ 2009-03-18 22:21 UTC (permalink / raw) To: J. Bruce Fields Cc: Linus Torvalds, linux-nfs, linux-kernel, Igor Zhbanov, Serge Hallyn, J. Bruce Fields, stable On Wed, 18 Mar 2009, J. Bruce Fields wrote: > From: J. Bruce Fields <bfields@citi.umich.edu> > > Since creating a device node is normally an operation requiring special > privilege, Igor Zhbanov points out that it is surprising (to say the > least) that a client can, for example, create a device node on a > filesystem exported with root_squash. > > So, make sure CAP_MKNOD is among the capabilities dropped when an nfsd > thread handles a request from a non-root user. > > Reported-by: Igor Zhbanov <izh1979@gmail.com> > Cc: stable@kernel.org > Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu> Acked-by: James Morris <jmorris@namei.org> > --- > include/linux/capability.h | 6 ++++-- > 1 files changed, 4 insertions(+), 2 deletions(-) > > diff --git a/include/linux/capability.h b/include/linux/capability.h > index 1b98725..4864a43 100644 > --- a/include/linux/capability.h > +++ b/include/linux/capability.h > @@ -393,8 +393,10 @@ struct cpu_vfs_cap_data { > # define CAP_FULL_SET ((kernel_cap_t){{ ~0, ~0 }}) > # define CAP_INIT_EFF_SET ((kernel_cap_t){{ ~CAP_TO_MASK(CAP_SETPCAP), ~0 }}) > # define CAP_FS_SET ((kernel_cap_t){{ CAP_FS_MASK_B0, CAP_FS_MASK_B1 } }) > -# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \ > - CAP_FS_MASK_B1 } }) > +# define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0 \ > + | CAP_TO_MASK(CAP_SYS_RESOURCE) \ > + | CAP_TO_MASK(CAP_MKNOD), \ > + CAP_FS_MASK_B1 } }) > > #endif /* _KERNEL_CAPABILITY_U32S != 2 */ > > -- > 1.6.0.4 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- James Morris <jmorris@namei.org> ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2009-03-18 22:28 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2009-03-18 16:21 nfsd patches for 2.6.29 J. Bruce Fields 2009-03-18 16:21 ` [PATCH] NFSD: provide encode routine for OP_OPENATTR J. Bruce Fields 2009-03-18 16:21 ` [PATCH] nfsd: nfsd should drop CAP_MKNOD for non-root J. Bruce Fields 2009-03-18 17:08 ` Serge E. Hallyn 2009-03-18 17:32 ` J. Bruce Fields 2009-03-18 20:31 ` Igor Zhbanov 2009-03-18 22:21 ` James Morris
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox