Bug 53718
| Summary: | rpc.rquotad crashes and leaks memory | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | jjaakkol |
| Component: | quota | Assignee: | Steve Dickson <steved> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Brock Organ <borgan> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.3 | CC: | chrispy, kmaraas, mattdm, thoron, vsharma |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.cs.helsinki.fi/u/jjaakkol/quotabug.txt | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2003-06-02 17:26:55 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 90914 | ||
|
Description
jjaakkol
2001-09-16 19:04:50 UTC
Third bug found: rpc.rquotad fails to check that remote setquota calls are made from port < 1024. With a trivial change to edquota any user can remotely change any other users quota. There is no way to disable setquota without recompiling rpc.rquotad. I have made a fixed (and somewhat enhanced) package for my own machines. The packages and patch are available from http://www.cs.helsinki.fi/u/jjaakkol/linuxquota/ It seems that I am talking only to myself here. Anyway, the exactly same problems (including the setquota security hole) are still present in the quota package of RedHat 7.3. These have been fixed a long time ago in the original linuxquota package available from http://sourceforge.net/projects/linuxquota. Appologies, I've recently been assigned this package while I was engaged in the advanced server and 7.2 alpha contracts so I've had zero time to look at buzilla beyond my normal package scope. Ok,.. it'll take me a few days to knock around this and it'll have to go through QA as well. I'm not terribly sure is rawhide is still active or not but you might see something there tomorrow morning (it updates nightly) Phil =--= Phil, We are seeing an issue which might be related to this. We have a vanilla RH73 dual AMD box acting as an NFS server to various Suns and HPs over a gigabit fiber NIC. When someone attempts to log into the HP, the HP attempts to check quota, which causes the RH73 rpc.quotad daemon to die *immediately*. The HP quota check eventually times out and the user can continue, but I'd like to fix it. I'm wondering if rpc.quotad is crashing for reasons similar to what jjaakkol.fi is seeing. I don't see anything suspicious in /var/log/messages on the RH73 box. Any idea when something might be available for RH73 to try? - Chris I just double-checked our Sun. It doesn't check quota on rlogin, but typing 'quota' also instantly kills the RH73 rpc.rquotad daemon: ===================== [root@chilly root]# service nfs status rpc.mountd (pid 5825) is running... nfsd (pid 5837 5836 5835 5834 5833 5832 5831 5830) is running... rpc.rquotad is stopped [root@chilly root]# ===================== - Chris Any change here? *** Bug 9038 has been marked as a duplicate of this bug. *** Better get all quota problems fixed at same errata. This problem is fixed in quota-3.06-9.7 |