From: Colin Percival
Date: Thu, 31 Mar 2005 15:55:37 -0800
To: Tom Alsberg
Cc: FreeBSD Hackers List
Cc: freebsd-stable@freebsd.org
Subject: Re: MNT_NOEXEC on root filesystem with diskless PXE boot?
Message-id: <424C8DF9.2060905@freebsd.org>
In-reply-to: <20050331111625.GA13338@zoopee.org>

Tom Alsberg wrote:
> Perhaps this should go to -STABLE, I just couldn't be sure.

It will get more attention on freebsd-stable@, so I'm CCing that list.

> We are trying out FreeBSD 5.4-PRERELEASE on diskless clients.  I
> noticed one problem, being that when setting the LD_LIBRARY_PATH
> (or for that matter, LD_PRELOAD, and LD_LIBMAP_DISABLE) environment
> variables, nothing will run, as /libexec/ld-elf.so.1 complains:
>
>     Cannot execute objects on /
>
> According to the sources, this was added in 5.4, and will happen
> if / is mounted noexec.

Yes, that's quite correct -- although I can't imagine how a bug which
caused / to be labelled as "noexec" managed to avoid causing major
problems until now.

I don't know anything about NFS, but hopefully someone on -stable will
be able to work out what's going on from the rest of your email (quoted
below).

Colin Percival

> In this case, / is mounted by the BTX PXE loader over NFS (from a
> FreeBSD 5.3 server, right now).  "mount" does not show the noexec
> flag.  However, with the attached little C program I verified that
> statfs really returns this flag (0x00000006).
>
> Now, I see that on FreeBSD 5.3 diskless clients this flag is also
> returned on / - just it happened that nobody looked at it until
> the change in rtld.c of FreeBSD 5.4:
>
>     if (fs.f_flags & MNT_NOEXEC) {
>         _rtld_error("Cannot execute objects on %s\n", fs.f_mntonname);
>         close(fd);
>         return NULL;
>     }
>
> I didn't yet understand (didn't check much) - why does statfs report
> the MNT_NOEXEC flag on the / filesystem (and only the / filesystem,
> when it's mounted from NFS by the bootloader - not any other
> NFS filesystems)?  BTW, this happens also with NetApp as the NFS
> server - just to rule out any possibility of relation here.
>
>   Ideas appreciated,
>   -- Tom
>
> ------------------------------------------------------------------------
>
> #include <sys/param.h>
> #include <sys/mount.h>
> #include <stdio.h>
>
> int main(int argc, char *argv[])
> {
>     if (argc != 2) {
>         fprintf(stderr, "invalid number of arguments");
>         return -1;
>     }
>
>     struct statfs stbuf;
>
>     /* Query the filesystem that holds the given path. */
>     if (statfs(argv[1], &stbuf) != 0) {
>         perror("statfs");
>         return -1;
>     }
>
>     /* Cast so the format matches whatever width f_flags has. */
>     printf("FLAGS: 0x%08llX\n", (unsigned long long)stbuf.f_flags);
>     if (stbuf.f_flags & MNT_NOEXEC)
>         printf("MNT_NOEXEC\n");
>
>     return 0;
> }
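
An added example, not part of the original message and not FreeBSD's code: it applies the flag test quoted from rtld.c to every directory in an LD_LIBRARY_PATH-style list, so library directories whose filesystem reports noexec can be found before the runtime linker refuses them. The function names and the non-FreeBSD fstatvfs()/ST_NOEXEC fallback are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#if defined(__FreeBSD__)
#include <sys/param.h>
#include <sys/mount.h>
#else /* assumption: Linux fallback so the audit also runs off FreeBSD */
#include <sys/statvfs.h>
#ifndef ST_NOEXEC
#define ST_NOEXEC 8 /* Linux value; glibc hides it without _GNU_SOURCE */
#endif
#endif

/* 1 = filesystem behind fd is flagged noexec, 0 = not flagged, -1 = error */
static int fd_on_noexec(int fd) {
#if defined(__FreeBSD__)
    struct statfs fs; /* same flag the quoted rtld.c check tests */
    return fstatfs(fd, &fs) != 0 ? -1 : (fs.f_flags & MNT_NOEXEC) != 0;
#else
    struct statvfs fs;
    return fstatvfs(fd, &fs) != 0 ? -1 : (fs.f_flag & ST_NOEXEC) != 0;
#endif
}

/* Audit a colon-separated list (LD_LIBRARY_PATH syntax). Returns how many
 * entries are on a noexec filesystem; *errs counts entries not checkable. */
int audit_search_path(const char *list, int *errs) {
    char dir[1024];
    int flagged = 0;
    for (*errs = 0;; list += strcspn(list, ":") + 1) {
        size_t n = strcspn(list, ":");
        if (n >= sizeof(dir)) {
            (*errs)++; /* entry too long to test */
        } else if (n > 0) { /* empty entries are skipped */
            memcpy(dir, list, n); dir[n] = '\0';
            int fd = open(dir, O_RDONLY);
            int r = fd < 0 ? -1 : fd_on_noexec(fd);
            if (fd >= 0) close(fd);
            printf("%-32s %s\n", dir, r < 0 ? "unchecked" : r ? "NOEXEC" : "ok");
            if (r < 0) (*errs)++; else flagged += r;
        }
        if (list[n] == '\0') return flagged;
    }
}

int main(int argc, char *argv[]) {
    int errs, n = audit_search_path(argc > 1 ? argv[1] : "/", &errs);
    return n > 0 || errs > 0; /* non-zero exit: something needs attention */
}
```

Run on the diskless client with the library directories as the argument, a NOEXEC line for a filesystem that mount(8) lists without that option reproduces the mismatch described in the message.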