From: Robert Watson <rwatson@FreeBSD.org>
To: Alfred Perlstein
Cc: cvs-src@freebsd.org, cvs-all@freebsd.org, src-committers@freebsd.org, John Baldwin, Peter Wemm
Date: Fri, 11 Jan 2008 11:59:04 +0000 (GMT)
Subject: Re: cvs commit: src/sys/nfsclient nfs_socket.c
Message-ID: <20080111115353.G63715@fledge.watson.org>
In-Reply-To: <20080111023628.GB99258@elvis.mu.org>
References: <200801102336.m0ANa0mP035046@repoman.freebsd.org> <20080111010033.GC52842@elvis.mu.org> <20080111023628.GB99258@elvis.mu.org>
List-Id: CVS commit messages for the entire tree

On Thu, 10 Jan 2008, Alfred Perlstein wrote:

>>>> Pass curthread to various socket routines (socreate(), sobind(), and
>>>> soconnect()) instead of &thread0 when establishing a connection to the NFS
>>>> server. Otherwise inconsistent credentials may be used when setting up
>>>> the NFS socket.
>>>
>>> I'm not sure, but I think this may be a regression; I seem to recall that
>>> a long time ago it was switched to &thread0 because otherwise certain
>>> operations can fail due to curthread not running as root.
>>
>> That's my recollection too. For example, when nfs is configured to bind to
>> a privileged local port for making queries or connections, it had to be
>> done as root. With tcp mounts, the connection can be dropped and a
>> reconnect required at any time.
>
> This could be implemented by a handoff to a thread that does the appropriate
> setuid call beforehand, or perhaps the credential inconsistencies can be
> further explained or fixed.

The real bug is that sobind() and soconnect() take threads as arguments, and
should either take just credentials or credentials and threads depending on
whether they really want a thread as well. I started fixing this a few years
ago but it requires touching a lot of stuff (like protosw) so is pretty
disruptive.

Basically, because they accept a thread as an argument, you can't use the
cached mount-time credential to authorize these further socket operations. You
don't want to use the cached socket()-time credential, another obvious choice,
as you want to be able to have the root user bind()/connect() a socket and then
hand it off to unprivileged processes to use without being able to
rebind/connect with privilege.

Possibly the above change should be modified to use curthread for UDP and
thread0 for TCP, as TCP can be reconnected but may not have the bind problem
John is running into, whereas UDP won't be reconnected?

Robert N M Watson
Computer Laboratory
University of Cambridge