From: Robert Watson
Date: Thu, 4 Jun 2009 11:28:33 +0100 (BST)
To: Doug Rabson
Cc: dfr@freebsd.org, Dmitry Marakasov, freebsd-current@freebsd.org, Michael Moll, Wesley Shields, "Bjoern A. Zeeb", Jamie Gritton
Subject: Re: Kernel panic when accessing ZFS-Filesystem via NFS

On Thu, 4 Jun 2009, Doug Rabson wrote:

>> I would start looking at svc_getcred() and blame at least the AUTH_UNIX
>> case; end of rpc/svc_auth.c. This looks like a big NO-NO. I am pretty
>> sure I'd also want to audit svc_rpc_gss(), just in case.
>
> The NFS server is creating a ucred which describes the privileges to be
> given to the remote user. What is the correct way to do this and where can I
> read the documentation?

In practice, all credentials in the system are (often quite indirectly)
derived from one of two root credentials, those belonging to swapper and init.
Typical practice, on initializing a kernel service, is to take an additional
reference on the credential that configured the service and derive future
credentials from it. I think this is what the old NFS code did, presumably
either directly borrowing a proc 0 credential, or from the syscall turning on
the NFS server.

Robert N M Watson
Computer Laboratory
University of Cambridge
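
The practice described in the reply above, sketched as an added userland C model; it is not part of the original message and is not FreeBSD source. The struct layout, the m_* helpers, svc_start/svc_stop/svc_request_cred and the cr_prison stand-in (representing any context the RPC layer does not set itself) are assumptions made for illustration.

```c
/* Userland model, constructed for illustration: the m_* helpers imitate
 * the kernel's crhold/crdup/crfree but are stand-ins, not FreeBSD code. */
#include <stdlib.h>
#include <sys/types.h>

struct prison { int pr_id; };          /* stand-in for inherited context */
struct ucred {
    unsigned       cr_ref;             /* reference count */
    uid_t          cr_uid;
    gid_t          cr_gid;
    struct prison *cr_prison;          /* set once, inherited by every copy */
};

static struct prison prison0 = { 0 };
/* Stands in for a root credential; its initial reference is never dropped. */
static struct ucred root_cred = { 1, 0, 0, &prison0 };
static struct ucred *svc_cred;         /* held for the service's lifetime */

static struct ucred *m_crhold(struct ucred *cr) { cr->cr_ref++; return cr; }
static void m_crfree(struct ucred *cr) { if (--cr->cr_ref == 0) free(cr); }

/* Copy every field, then give the copy its own reference count. */
static struct ucred *m_crdup(const struct ucred *cr)
{
    struct ucred *n = malloc(sizeof(*n));
    if (n != NULL) { *n = *cr; n->cr_ref = 1; }
    return n;
}

/* Service start: take an extra reference on the configuring credential. */
static void svc_start(struct ucred *configurer) { svc_cred = m_crhold(configurer); }
static void svc_stop(void) { m_crfree(svc_cred); svc_cred = NULL; }

/* Per request: derive from the service credential and override only the
 * identity the remote caller presented (AUTH_UNIX-style uid and gid). */
static struct ucred *svc_request_cred(uid_t uid, gid_t gid)
{
    struct ucred *cr = m_crdup(svc_cred);
    if (cr != NULL) { cr->cr_uid = uid; cr->cr_gid = gid; }
    return cr;
}

int main(void)
{
    svc_start(&root_cred);
    struct ucred *cr = svc_request_cred(1001, 1001); /* constructed ids */
    int ok = cr != NULL && cr->cr_prison == &prison0 && cr->cr_uid == 1001;
    if (cr != NULL) m_crfree(cr);
    svc_stop();
    return ok ? 0 : 1;
}
```

The derived credential carries the remote uid and gid while everything else comes from the credential the service was configured with, so fields added to the structure later are inherited without the RPC code having to know about them.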