Date: Mon, 21 Oct 2002 06:03:32 -0700 (PDT)
From: Michael van Elst <mlelstv@dev.de.cw.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: kern/44336: NFSv3 client broken - security problem with attribute caching
Message-ID: <200210211303.g9LD3Wrg048753@www.freebsd.org>
>Number: 44336
>Category: kern
>Synopsis: NFSv3 client broken - security problem with attribute caching
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Oct 21 06:10:10 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Michael van Elst
>Release: FreeBSD 4.7-STABLE / FreeBSD 5.0-CURRENT
>Organization:
Cable&Wireless
>Environment:
FreeBSD dt1.dev.de.cw.net 4.7-STABLE FreeBSD 4.7-STABLE #0: Thu Oct 10 18:20:04 CEST 2002 root@dt1.dev.de.cw.net:/usr/src/sys/compile/DT1 i386
FreeBSD dv2.dev.de.cw.net 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Tue Sep 17 17:25:48 CEST 2002 root@dv2.dev.de.cw.net:/usr/src/sys/i386/compile/DV2 i386
>Description:
Effect of chmod(1) is deferred on NFSv3 mounts.
>How-To-Repeat:
Mount a directory on an NFSv3 server (tested against a NetApp filer and
a FreeBSD-4.6-STABLE server) and change to that directory.
% touch foo
% chmod 644 foo ; echo >> foo
% chmod 0 foo ; echo >> foo
% chmod 0 foo ; echo >> foo
foo: Permission denied.
% chmod 644 foo ; echo >> foo
% chmod 0 foo ; sleep 2 ; echo >> foo
foo: Permission denied
Apparently it takes up to two seconds before the chmod becomes effective.
Most probable reason: the NFS client uses cached attributes that are not invalidated by chmod(1).
Repeating the same with an NFSv2 mount does not exhibit the problem.
Repeating the same on NetBSD 1.6 and Solaris 9 does not exhibit the problem.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
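
Added example, not part of the original report or of FreeBSD: a small probe that repeats the chmod/append sequence from How-To-Repeat in a given directory and reports whether appends still succeed after `chmod 0`. The function name, the scratch file name and the 5-second default bound are assumptions made for this example.

```shell
#!/bin/sh
# probe_chmod_window DIR [MAX_SECONDS]
#   returns 0  append denied right after chmod 0 (no stale window seen)
#           1  append still succeeded after chmod 0 (stale permission window)
#           2  inconclusive (run as root, or setup failed)
probe_chmod_window() {
    dir=$1
    max=${2:-5}                  # assumed bound; the report saw up to about 2 s

    # root bypasses mode bits, so a successful append would prove nothing
    if [ "$(id -u)" -eq 0 ]; then
        echo "inconclusive: run as an unprivileged user" >&2
        return 2
    fi

    f="$dir/.chmod_probe.$$"     # hypothetical scratch file name
    ( echo > "$f" ) 2>/dev/null || { echo "inconclusive: cannot create $f" >&2; return 2; }

    # same sequence as the report: make writable, append once, then drop all access
    chmod 644 "$f" && ( echo >> "$f" ) 2>/dev/null || { rm -f "$f"; return 2; }
    chmod 0 "$f" || { rm -f "$f"; return 2; }

    stale=0                      # appends that succeeded after chmod 0
    waited=0                     # seconds slept between attempts
    while [ "$waited" -le "$max" ]; do
        if ( echo >> "$f" ) 2>/dev/null; then
            stale=$((stale + 1))
        else
            break                # permission change is now enforced
        fi
        sleep 1
        waited=$((waited + 1))
    done
    rm -f "$f"

    if [ "$stale" -eq 0 ]; then
        echo "ok: chmod 0 enforced immediately in $dir"
        return 0
    fi
    echo "STALE: $stale append(s) succeeded after chmod 0 (about ${waited}s) in $dir"
    return 1
}
```

Run it from an unprivileged account as `probe_chmod_window /path/to/nfs3/mount` and compare the result against a local directory or an NFSv2 mount.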
