From owner-freebsd-bugs@FreeBSD.ORG Fri Sep 5 10:30:16 2003 Return-Path: Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2E92816A4BF for ; Fri, 5 Sep 2003 10:30:16 -0700 (PDT) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3B5A443FDF for ; Fri, 5 Sep 2003 10:30:14 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.9/8.12.9) with ESMTP id h85HUEUp019284 for ; Fri, 5 Sep 2003 10:30:14 -0700 (PDT) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.9/8.12.9/Submit) id h85HUEi5019283; Fri, 5 Sep 2003 10:30:14 -0700 (PDT) Resent-Date: Fri, 5 Sep 2003 10:30:14 -0700 (PDT) Resent-Message-Id: <200309051730.h85HUEi5019283@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Jonathan Lennox Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2B54216A4BF for ; Fri, 5 Sep 2003 10:22:29 -0700 (PDT) Received: from cs.columbia.edu (cs.columbia.edu [128.59.16.20]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0DF9843F3F for ; Fri, 5 Sep 2003 10:22:28 -0700 (PDT) (envelope-from lennox@cs.columbia.edu) Received: from cnr.cs.columbia.edu (cnr.cs.columbia.edu [128.59.19.133]) by cs.columbia.edu (8.12.9/8.12.9) with ESMTP id h85HMQaH002522 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT) for ; Fri, 5 Sep 2003 13:22:27 -0400 (EDT) Received: from cnr.cs.columbia.edu (localhost [127.0.0.1]) by cnr.cs.columbia.edu (8.12.9/8.12.9) with ESMTP id h85HMQYj085466 for ; Fri, 5 Sep 2003 13:22:26 -0400 (EDT) (envelope-from lennox@cnr.cs.columbia.edu) Received: (from lennox@localhost) by cnr.cs.columbia.edu (8.12.9/8.12.9/Submit) id h85HMPbj085465; Fri, 5 Sep 2003 13:22:25 -0400 (EDT) Message-Id: <200309051722.h85HMPbj085465@cnr.cs.columbia.edu> Date: Fri, 5 Sep 2003 13:22:25 -0400 (EDT) From: Jonathan Lennox To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Subject: bin/56500: rpc.lockd needs to use reserved ports X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Jonathan Lennox List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Sep 2003 17:30:16 -0000 >Number: 56500 >Category: bin >Synopsis: rpc.lockd needs to use reserved ports >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Sep 05 10:30:13 PDT 2003 >Closed-Date: >Last-Modified: >Originator: Jonathan Lennox >Release: FreeBSD 5.1-RELEASE-p2 i386 >Organization: Columbia University >Environment: System: FreeBSD cnr.cs.columbia.edu 5.1-RELEASE-p2 FreeBSD 5.1-RELEASE-p2 #1: Thu Sep 4 18:18:39 EDT 2003 lennox@cnr.cs.columbia.edu:/usr/obj/usr/src/sys/CNR i386 >Description: Many NFS servers refuse client requests from unreserved (allegedly "insecure") UDP ports. The FreeBSD NFS client correctly deals with this, by always using reserved ports. However, rpc.lockd, which as of FreeBSD 5.x handles client-side NLM locks, doesn't. NFS servers -- notably Linux's -- that want NFS requests to come from reserved ports often want NLM requests to come from reserved ports as well. Thus, for the same reason as this was needed for the NFS client in the kernel, the NLM client in rpc.lockd needs to send its RPC messages from a reserved port. >How-To-Repeat: * Install the patch in kern/56461 and rebuild your kernel and rpc.lockd, or you'll freeze when you try to lock from a Linux server, and never get as far as this bug. * Make sure rpc.statd and rpc.lockd are running. * NFS mount a filesystem from a Linux fileserver. * (Run ethereal, if you're curious about what NLM messages are actually appearing on the wire.) * Try to lock a file (with flock() or lockf()) from the Linux fileserver. * Notice that flock() or lockf() returned EAGAIN. * In ethereal, notice that the RPC call returned the status NLM_DENIED. * In /var/log/messages (or wherever it puts it) on the Linux host, notice the message of the form Sep 5 12:58:23 pennstation kernel: nfsd: request from insecure port (803b1385:49646)! >Fix: In rpc.lockd, bind the NLM client to a reserved source port. Unfortunately, I don't know enough RPC hacking to write a patch. I tried using the "insecure" NFS option in /etc/exports on the Linux host, as a workaround, but this didn't actually avoid the problem. >Release-Note: >Audit-Trail: >Unformatted: