From owner-freebsd-stable@FreeBSD.ORG  Thu Mar  9 02:15:04 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0AFB516A420
	for <freebsd-stable@freebsd.org>; Thu,  9 Mar 2006 02:15:04 +0000 (GMT)
	(envelope-from miguel@anjos.strangled.net)
Received: from compaq.anjos.strangled.net (87-196-228-141.net.novis.pt
	[87.196.228.141])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3D8BF43D53
	for <freebsd-stable@freebsd.org>; Thu,  9 Mar 2006 02:15:03 +0000 (GMT)
	(envelope-from miguel@anjos.strangled.net)
Received: from compaq.anjos.strangled.net (localhost [127.0.0.1])
	by compaq.anjos.strangled.net (8.13.4/8.13.4) with ESMTP id
	k292Ex6a003244; Thu, 9 Mar 2006 02:15:01 GMT
	(envelope-from miguel@compaq.anjos.strangled.net)
Received: (from miguel@localhost)
	by compaq.anjos.strangled.net (8.13.4/8.13.4/Submit) id k292ExSu003243; 
	Thu, 9 Mar 2006 02:14:59 GMT (envelope-from miguel)
Date: Thu, 9 Mar 2006 02:14:59 GMT
From: Miguel Lopes Santos Ramos <miguel@anjos.strangled.net>
Message-Id: <200603090214.k292ExSu003243@compaq.anjos.strangled.net>
To: kris@obsecurity.org
In-Reply-To: <20060309020354.GA56238@xor.obsecurity.org>
Cc: kuriyama@imgsrc.co.jp, freebsd-stable@freebsd.org
Subject: Re: rpc.lockd brokenness (2)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Mar 2006 02:15:04 -0000

> From: Kris Kennaway <kris@obsecurity.org>
>
> The bug is triggered because the file is locked in the parent
> (i.e. the daemon process, which creates the pidfile) but unlocked by
> the child after the fork (in this case, when the child is killed).  On
> the server, rpc.lockd compares the svid (=3D pid of process on the
> client that is doing the lock call) of the lock and unlock requests,
> notices they're different and assumes that the unlock request is
> coming from some random process on the client that didn't hold the
> lock in the first place.
>
> In reality, the file descriptor was passed from parent to child by the
> fork(), and the child does actually hold the lock.

Thank you. That is a very good explanation.

> Fixing this is probably hard (also: I can't see how this could have
> ever worked with pidfile locking in cron, since it always acquired the
> lock before forking, as now.  Perhaps something else about your
> configuration changed.).

Because the lock is somehow persisting through reboots, even though I 
stop nfslocking, remove /var/db/statd.status and restart it...

> Anyway, the workaround for you is probably not to use rpc.lockd on
> your NFS mounted /var (e.g. use mount_nfs -L).  Since you don't have
> multiple machines accessing this filesystem (which wouldn't work
> anyway, as noted before), you don't need it anyway.
>
> Kris

Oh yes, I must try that again. I had problems in the past with using the -L
option, gnome didn't run. Probably it was because it was a single / filesystem
mounted on boot and the option on fstab was ignored, I must try it again.

Miguel