Bug 1443579

Summary: NFS user mounts do not enforce 'noexec'
Product: Red Hat Enterprise Linux 6
Component: nfs-utils
Version: 6.9
Status: CLOSED ERRATA
Severity: high
Priority: high
Reporter: Pierguido Lambri <plambri>
Assignee: Steve Dickson <steved>
QA Contact: Yongcheng Yang <yoyang>
CC: ajmitchell, bcodding, cplummer+bz, dwysocha, plambri, rhandlin, smayhew, ssahsrab, steved, swhiteho, xzhou, yoyang
Target Milestone: rc
Keywords: Reproducer
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Fixed In Version: nfs-utils-1.2.3-78.el6
Last Closed: 2018-06-19 05:08:05 UTC
Type: Bug
Bug Blocks: 1461138, 1507140
Attachments: proposed patch (flags: none)

Description Pierguido Lambri 2017-04-19 13:56:57 UTC
Description of problem:
When mounting an NFS share with the option 'user' from fstab, as per the man page the options noexec, nosuid, and nodev should be applied.
If it's mounted from root, it works. If it's done from a normal user, it doesn't set these options (allowing the user to execute programs from the share).

Version-Release number of selected component (if applicable):
nfs-utils-1.2.3-75.el6.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Set a fstab entry as:
   192.168.122.10:/exports /mnt  nfs  defaults,noauto,user   0 0
2. Mount it via normal user 

Actual results:
$ nfsstat -m
/mnt from 192.168.122.10:/exports/
 Flags: rw,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.122.11,minorversion=0,local_lock=none,addr=192.168.122.10


Expected results:
$ nfsstat -m
/mnt from 192.168.122.10:/exports/
 Flags: rw,nosuid,nodev,noexec,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.122.11,minorversion=0,local_lock=none,addr=192.168.122.10

Additional info:
RHEL7 works fine

Comment 7 Steve Whitehouse 2017-12-01 10:44:37 UTC
SteveD, please provide an update for this bug.

Comment 8 Steve Dickson 2017-12-11 15:57:35 UTC
I cannot reproduce this with the latest nfs-utils version.

Comment 9 Pierguido Lambri 2017-12-13 10:37:42 UTC
I can still reproduce it with the latest nfs-utils:


RHEL6:

$ uname -r
2.6.32-696.16.1.el6.x86_64

$ rpm -qa | grep nfs-utils
nfs-utils-1.2.3-75.el6_9.x86_64
nfs-utils-lib-1.1.5-13.el6.x86_64

$ nfsstat -m
/mnt from 192.168.122.10:/exports/
 Flags: rw,relatime,vers=4,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.122.12,minorversion=0,local_lock=none,addr=192.168.122.10

$ ls -l /mnt/ls
-rwxr-xr-x. 1 test test 117048 Dec 13  2017 /mnt/ls


$ /mnt/ls -l
total 0
-rw-rw-r--. 1 test test 0 Dec 13 10:28 test1
-rw-rw-r--. 1 test test 0 Dec 13 10:28 test2
-rw-rw-r--. 1 test test 0 Dec 13 10:28 test3
-rw-rw-r--. 1 test test 0 Dec 13 10:28 test4
-rw-rw-r--. 1 test test 0 Dec 13 10:28 test5


RHEL7:

$ whoami 
test

$ nfsstat -m
/mnt from 192.168.122.10:/exports
 Flags: rw,nosuid,nodev,noexec,relatime,vers=4.0,rsize=131072,wsize=131072,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.122.35,local_lock=none,addr=192.168.122.10


$ /mnt/ls -l
-bash: /mnt/ls: Permission denied
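
Added example (not part of the original bug report or of nfs-utils): a Python check that compares the restrictive flags mount(8) documents for fstab entries carrying user, users, owner or group against the options reported for the live mount in /proc/mounts format. The function names and the abbreviated sample lines are constructed for illustration, modelled on the fstab entry and the RHEL 6 and RHEL 7 flag lists above.

```python
# Added example: audit user-mountable fstab entries against live mount flags.
# Per mount(8): user/users imply noexec,nosuid,nodev; owner/group imply
# nosuid,nodev; a later exec/suid/dev in the same option list overrides.
IMPLIED = {
    "user": {"noexec", "nosuid", "nodev"},
    "users": {"noexec", "nosuid", "nodev"},
    "owner": {"nosuid", "nodev"},
    "group": {"nosuid", "nodev"},
}
OVERRIDE = {"exec": "noexec", "suid": "nosuid", "dev": "nodev"}

def expected_restrictions(fstab_opts):
    """Restrictive flags that should be in effect for an fstab option string."""
    wanted = set()
    for opt in fstab_opts.split(","):      # order matters: later options win
        if opt in IMPLIED:
            wanted |= IMPLIED[opt]
        elif opt in OVERRIDE:
            wanted.discard(OVERRIDE[opt])
        elif opt in OVERRIDE.values():     # explicit noexec/nosuid/nodev
            wanted.add(opt)
    return wanted

def parse_table(text):
    """Map mount point -> option string for fstab or /proc/mounts text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            table[fields[1]] = fields[3]   # last entry for a mount point wins
    return table

def audit(fstab_text, mounts_text):
    """Return [(mount point, sorted missing flags)] for mounted user entries."""
    mounted = parse_table(mounts_text)
    findings = []
    for mnt, opts in parse_table(fstab_text).items():
        is_user_entry = bool(IMPLIED.keys() & set(opts.split(",")))
        if not is_user_entry or mnt not in mounted:
            continue
        missing = expected_restrictions(opts) - set(mounted[mnt].split(","))
        if missing:
            findings.append((mnt, sorted(missing)))
    return findings

# Constructed samples: the fstab line from this report, plus shortened
# /proc/mounts-style lines matching the RHEL 6 and RHEL 7 flag lists.
FSTAB = "192.168.122.10:/exports /mnt  nfs  defaults,noauto,user   0 0\n"
RHEL6 = "192.168.122.10:/exports/ /mnt nfs4 rw,relatime,vers=4,hard,sec=sys 0 0\n"
RHEL7 = "192.168.122.10:/exports /mnt nfs4 rw,nosuid,nodev,noexec,relatime,vers=4.0 0 0\n"

if __name__ == "__main__":
    print("RHEL6:", audit(FSTAB, RHEL6))
    print("RHEL7:", audit(FSTAB, RHEL7))
```

On a real host the two arguments would be the contents of /etc/fstab and /proc/mounts; any finding means a user mount is running with fewer restrictions than its fstab entry implies.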

Comment 10 Steve Whitehouse 2018-02-01 10:06:09 UTC
This looks like something we should try to resolve for 6.10, since there are security implications.

Steve D, is the info in comment #9 enough for you to reproduce this?

Comment 15 Scott Mayhew 2018-04-05 15:17:04 UTC
Created attachment 1417811
proposed patch

It looks like libmount is shipped as part of util-linux-ng in rhel6.  I don't see a libmount-devel or a util-linux-ng-devel package, nor do I see a package providing libmount.h.  It would be quite a bit of churn pulling in the libmount support in nfs-utils just so we get the correct flags on user mounts.  So I suggest we just use the attached rhel6-only patch instead.

Comment 16 Alice Mitchell 2018-04-05 17:39:35 UTC
That patch looks to fix it.  

The mount command adds in the noexec,nosuid,noauto opts and hands them to mount.nfs which then discards them as untrusted and takes the unedited flags from fstab instead. The latest nfs-utils appears to still do this, but I assume the flags get fixed up by some later mechanism.

Comment 17 Steve Dickson 2018-04-05 18:01:36 UTC
(In reply to Scott Mayhew from comment #15)
> Created attachment 1417811
> proposed patch
Got it... Thanks!

> 
> It looks like libmount is shipped as part of util-linux-ng in rhel6.  I
> don't see a libmount-devel or a util-linux-ng-devel package, nor do I see a
> package providing libmount.h.  It would be quite a bit of churn pulling in
> the libmount support in nfs-utils just so we get the correct flags on user
> mounts.  So I suggest we just use the attached rhel6-only patch instead.
I agree...

Comment 21 Yongcheng Yang 2018-05-16 03:03:05 UTC
Moving to VERIFIED according to comment #20 now.

Comment 24 errata-xmlrpc 2018-06-19 05:08:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:1855