Bug 782455
| Summary: | rpc.statd does not chown the sm.bak dir before dropping privs | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Harald Klein <hklein> | ||||
| Component: | nfs-utils | Assignee: | Steve Dickson <steved> | ||||
| Status: | CLOSED ERRATA | QA Contact: | yanfu,wang <yanwang> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 5.7 | CC: | cww, jlayton, plambri, rdassen, yanwang, yoyang | ||||
| Target Milestone: | rc | Keywords: | Patch | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | nfs-utils-1.0.9-64.el5 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2013-01-08 07:34:24 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 668957, 743405 | ||||||
| Attachments: |
|
||||||
|
Description
Harald Klein
2012-01-17 14:28:00 UTC
Created attachment 555799 [details]
patch containing a possible fix
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release. Reproduced on packag nfs-utils-1.0.9-60.el5:
[root@ibm-x3550m3-05 ~]# mkdir /tmp/testdir1
[root@ibm-x3550m3-05 ~]# rpc.statd -NFP /tmp/testdir1
[root@ibm-x3550m3-05 ~]# touch /tmp/testdir1/sm/192.168.1.1
[root@ibm-x3550m3-05 ~]# chown rpcuser:rpcuser /tmp/testdir1/sm
[root@ibm-x3550m3-05 ~]# ls -l /tmp/testdir1
total 24
drwx------ 2 rpcuser rpcuser 4096 Oct 10 23:41 sm
drwx------ 2 root root 4096 Oct 10 23:41 sm.bak
-rw------- 1 root root 4 Oct 10 23:41 state
[root@ibm-x3550m3-05 ~]# rpc.statd -NFP /tmp/testdir1 -n localhost
When above command done, got 'Permission denied' in /var/log/message:
Oct 10 23:42:08 ibm-x3550m3-05 rpc.statd[27119]: Version 1.0.9 Starting
Oct 10 23:42:08 ibm-x3550m3-05 rpc.statd[27119]: Flags: No-Daemon Notify-Only
Oct 10 23:42:38 ibm-x3550m3-05 rpc.statd[27119]: Can't notify 192.168.1.1, giving up.
Oct 10 23:42:38 ibm-x3550m3-05 rpc.statd[27119]: unlink (/tmp/testdir1/sm.bak/192.168.1.1): Permission denied
Verified on new packag nfs-utils-1.0.9-66.el5:
[root@ibm-x3550m3-05 ~]# ls -l /tmp/testdir/
drwx------ 2 rpcuser rpcuser 4096 10-10 23:37 sm
drwx------ 2 root root 4096 10-10 23:35 sm.bak
-rw------- 1 root root 4 10-10 23:36 state
[root@ibm-x3550m3-05 ~]# rpc.statd -NFP /tmp/testdir -n localhost
[root@ibm-x3550m3-05 ~]# ls -l /tmp/testdir/
drwx------ 2 rpcuser rpcuser 4096 10-10 23:38 sm
drwx------ 2 rpcuser rpcuser 4096 10-10 23:38 sm.bak
^^^^^^^ ^^^^^^^
No 'Permission denied' about unlink now.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0068.html |