Date: Thu, 31 Mar 2005 15:55:37 -0800 From: Colin Percival <cperciva@freebsd.org> To: Tom Alsberg <alsbergt@cs.huji.ac.il> Cc: freebsd-stable@freebsd.org Subject: Re: MNT_NOEXEC on root filesystem with diskless PXE boot? Message-ID: <424C8DF9.2060905@freebsd.org> In-Reply-To: <20050331111625.GA13338@zoopee.org> References: <20050331111625.GA13338@zoopee.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Tom Alsberg wrote:
> Perhaps this should go to -STABLE, I just couldn't be sure.
It will get more attention on freebsd-stable@, so I'm CCing that list.
> We are trying out FreeBSD 5.4-PRERELEASE on diskless clients. I
> noticed one problem, being that when setting the LD_LIBRARY_PATH
> (or for that matter, LD_PRELOAD, and LD_LIBMAP_DISABLE) environment
> variables, nothing will run, as /libexec/ld-elf.so.1 complains:
>
> Cannot execute objects on /
>
> According to the sources, this was added in 5.4, and will happen
> if / is mounted noexec.
Yes, that's quite correct -- although I can't imagine how a bug which
caused / to be labelled as "noexec" managed to avoid causing major
problems until now.
I don't know anything about NFS, but hopefully someone on -stable
will be able to work out what's going on from the rest of your
email (quoted below).
Colin Percival
> In this case, / is mounted by the BTX PXE loader over NFS (from a
> FreeBSD 5.3 server, right now). "mount" does not show the noexec
> flag. However, with the attached little C program I verified that
> statfs really returns this flag (0x00000006).
>
> Now, I see that on FreeBSD 5.3 diskless clients this flag is also
> returned on / - just it happened that nobody looked at it until
> the change in rtld.c of FreeBSD 5.4:
>
> if (fs.f_flags & MNT_NOEXEC) {
> _rtld_error("Cannot execute objects on %s\n", fs.f_mntonname);
> close(fd);
> return NULL;
> }
>
> I didn't yet understand (didn't check much) - why does statfs report
> the MNT_NOEXEC flag on the / filesystem (and only the / filesystem,
> when it's mounted from NFS by the bootloader - not any other
> NFS filesystems)? BTW, this happens also with NetApp as the NFS
> server - just to rule out any possibility of relation here.
>
> Ideas appreciated,
> -- Tom
>
>
>
> ------------------------------------------------------------------------
>
> #include <stdio.h>
> #include <fcntl.h>
> #include <sys/param.h>
> #include <sys/mount.h>
>
>
> int main(int argc, char *argv[])
> {
> if (argc != 2) {
> fprintf(stderr, "invalid number of arguments");
> return -1;
> }
>
> struct statfs stbuf;
>
> if (statfs(argv[1], &stbuf) != 0) {
> perror("fstatfs");
> return -1;
> }
>
> printf("FLAGS: 0x%08X\n", stbuf.f_flags);
> if (stbuf.f_flags & MNT_NOEXEC)
> printf("MNT_NOEXEC\n");
>
> return 0;
> }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?424C8DF9.2060905>