From owner-freebsd-hackers Tue Feb 12 14: 0: 5 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from scaup.prod.itd.earthlink.net (scaup.mail.pas.earthlink.net [207.217.120.49]) by hub.freebsd.org (Postfix) with ESMTP id 4D21C37B419 for ; Tue, 12 Feb 2002 13:59:30 -0800 (PST) Received: from pool0027.cvx40-bradley.dialup.earthlink.net ([216.244.42.27] helo=mindspring.com) by scaup.prod.itd.earthlink.net with esmtp (Exim 3.33 #1) id 16akxH-0007JQ-00; Tue, 12 Feb 2002 13:59:16 -0800 Message-ID: <3C698FBF.A6B78ACB@mindspring.com> Date: Tue, 12 Feb 2002 13:57:19 -0800 From: Terry Lambert X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Miguel Mendez Cc: Eric Windisch , hackers@freebsd.org Subject: Re: Problems with freebsd nfsd and irix client References: <20020212134618.A3422@grokthis.net> <20020212200351.B9BDB3FC1B@energyhq.homeip.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Are you sure that the user making the request is a legal user on the server machine? If not, it's ID will be translated to -2. Perhaps this is an "operator has failed to configure NIS correctly" error? If so, the workaround is probably to specify both -mapall and -alldirs in the exports file (man 5 exports). On the IRIX box, have you applied Patch SG0003771 or one of the other "libc rollup" patches? IRIX getcwd() is known to use stat64() instead of lstat64() prior to this patch; are you sure you are not using symbolic links, and expecting them to work over NFS? I expect this is related to "Bug 439774: getcwd() doesn't give correct path for some autofs mounted files". There's also a limit on the number of groups that are sent over the wire with an NFS request. Don't expect that putting a user in a group on the NFS server will do anything at all about the group membership testing for the same user coming from an NFS client, and don't expect that more than a small number of group memberships (e.g. the first 6) will be looked at by the NFS server. Also, make sure you are using one of the standard shells that comes with IRIX, and not something like "bash", which has a bogus assumption about the inode number returned by getdents matching the inode number returned by "stat"; the "stat" version should be used, since it is local to the machine doing the "stat", whereas the "getdents" value is local to the host machine (POSIX explicitly prohibits using this value, FWIW). Actually, there's a well known root exploit that uses a getcwd() buffer overflow against IRIX, which has been corrected in more recent versions. Perhaps it is this buffer overflow attack against the IRIX client which is failing? 8-) 8-). -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message