Date:      4 Nov 1999 20:56:36 -0000
From:      vladimir@math.uic.edu
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   kern/14712: problems with access bits on NFS mounted directories, nfs vers 2
Message-ID:  <19991104205636.38652.qmail@galileo.math.uic.edu>


>Number:         14712
>Category:       kern
>Synopsis:       root has access to NFS mounted directories with maproot=nobody
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Nov  4 13:00:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Vladimir V. Egorin
>Release:        FreeBSD 3.3-STABLE i386
>Organization:
University of Illinois at Chicago, Department of Mathematics
>Environment:

NFS server running FreeBSD 3.3-STABLE.   NFS client running Solaris 7
(the same problem is reproducible on linux machines).

>Description:

Root on a client is allowed to list the directory contents, even if
the mode of the directory is 711.  The directory is NFS-mounted
using NFS vers. 2.

>How-To-Repeat:

galileo: BSD NFS server 
galois: NFS client (solaris 7)
On galileo:
$ ls -ld /export/4/magma
drwx--x--x  7 magma  math  512 Nov  1 15:36 /export/4/magma/

On galois:

# mount -o vers=2 galileo:/export/4 /mnt
# ls /mnt/magma
LAB_HOME/     Magma2.3/     Magma2.6/     public_html@
Magma2.2/     Magma2.4/     Mailbox
# umount /mnt 
# mount -o vers=3 galileo:/export/4 /mnt
# ls /mnt/magma
/mnt/magma: Permission denied

An NFS version 3 mount produces the expected results.  With NFS v.2,
root is allowed to access the directory.




>Fix:
	
	Don't know.    I also have 2 linux clients mounting directories
from the same server.    root on one of them has access to restricted
directories, on the other it has no access (kernels have different versions).

I'll be happy to provide tcpdump output of NFS packets and any other
additional information.


>Release-Note:
>Audit-Trail:
>Unformatted:
 Vladimir V. Egorin
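
A client-side check for the behaviour reported above, as an added example that is not part of the original report: it compares what a root user squashed by maproot=nobody should be able to do with a directory against what the client actually observed. The function names are hypothetical, and it assumes the squashed account neither owns the directory nor belongs to its group, so only the "other" permission bits apply.

```shell
#!/bin/sh
# Added example, not part of the original report.
# Assumption: root on the client is mapped by the export (maproot=nobody) to
# an account that neither owns the directory nor belongs to its group, so the
# server should apply only the "other" permission bits.

# other_can_list MODE: succeed if the "other" class may read (list) the
# directory. MODE is the mode string from `ls -ld`, e.g. drwx--x--x.
other_can_list() {
    case "$1" in
        d??????r??*) return 0 ;;   # 8th character is other-read
        *)           return 1 ;;
    esac
}

# verdict MODE OBSERVED: compare the expectation with what the client saw.
# OBSERVED is "listed" or "denied". Prints ok, violation or overstrict.
verdict() {
    if other_can_list "$1"; then expected=listed; else expected=denied; fi
    if [ "$expected" = "$2" ]; then
        echo ok
    elif [ "$2" = listed ]; then
        echo violation      # listing succeeded without other-read
    else
        echo overstrict     # listing refused although other-read is set
    fi
}

# probe DIR: run as root on the client against a directory under the NFS
# mount; prints "DIR MODE OBSERVED VERDICT".
probe() {
    mode=$(ls -ld "$1" | awk '{print $1}') || return 1
    if ls "$1" >/dev/null 2>&1; then seen=listed; else seen=denied; fi
    echo "$1 $mode $seen $(verdict "$mode" "$seen")"
}
```

Running `probe /mnt/magma` once per mount (vers=2, then vers=3) gives one line per NFS version to compare; on a local filesystem root bypasses the mode bits, so the verdict is only meaningful under a root-squashed NFS mount.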

