From owner-freebsd-bugs Thu Dec 4 09:00:03 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id JAA06428 for bugs-outgoing; Thu, 4 Dec 1997 09:00:03 -0800 (PST) (envelope-from owner-freebsd-bugs) Received: (from gnats@localhost) by hub.freebsd.org (8.8.7/8.8.7) id JAA06416; Thu, 4 Dec 1997 09:00:02 -0800 (PST) (envelope-from gnats) Resent-Date: Thu, 4 Dec 1997 09:00:02 -0800 (PST) Resent-Message-Id: <199712041700.JAA06416@hub.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, jose@we.lc.ehu.es Received: (from nobody@localhost) by hub.freebsd.org (8.8.7/8.8.7) id IAA05918; Thu, 4 Dec 1997 08:53:25 -0800 (PST) (envelope-from nobody) Message-Id: <199712041653.IAA05918@hub.freebsd.org> Date: Thu, 4 Dec 1997 08:53:25 -0800 (PST) From: jose@we.lc.ehu.es To: freebsd-gnats-submit@FreeBSD.ORG X-Send-Pr-Version: www-1.0 Subject: bin/5219: login(1) fails when NFS-mounted homes are being exported from the server without remote root access Sender: owner-freebsd-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >Number: 5219 >Category: bin >Synopsis: login(1) fails when NFS-mounted homes are being exported from the server without remote root access >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Dec 4 09:00:00 PST 1997 >Last-Modified: >Originator: Jose M. Alcaide >Organization: Universidad del Pais Vasco - Dept. de Electricidad y Electronica >Release: 2.2.5-RELEASE >Environment: FreeBSD tiburon.we.lc.ehu.es 2.2.5-RELEASE FreeBSD 2.2.5-RELEASE #0: Wed Oct 29 15:20:18 CET 1997 root@tiburon.we.lc.ehu.es:/usr/src/sys/compile/TIBURON i386 >Description: This problem appeared in 2.2.2-RELEASE. When any home directory is NFS-mounted, but it is exported from the server without granting remote root access, all file operations made as root on that filesystem are seen by the server as made by "nobody". Login(1) calls setuid() too late, after calling chdir() and checking for the existence of .hushlogin. The consequence is that these file operations are made as root, and then are seen from the fileserver as made by "nobody", and they fail. As a result, login(1) cannot chdir() to the home directory, and says "No home directory - logging with home=/". >How-To-Repeat: See above. >Fix: The definitive fix needs a rearrangement of the actions implemented in login.c, moving the setuid() before the chdir() and any other accesses to the user's home directory. Meanwhile, a "chmod o+x ", granting search permission to any user, may do the trick. Of course, if the home directories are exported granting remote root access to the FreeBSD box(es), this problem does not manifest itself, but this has obvious security risks. >Audit-Trail: >Unformatted: