Bug 169039 - GFS POSIX bug: opened fds not pertaining access permissions after setuid
GFS POSIX bug: opened fds not pertaining access permissions after setuid
Status: CLOSED ERRATA
Product: Red Hat Cluster Suite
Classification: Red Hat
Component: gfs (Show other bugs)
4
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ben Marzinski
GFS Bugs
http://lists.samba.org/archive/samba/...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-09-22 09:34 EDT by Axel Thimm
Modified: 2010-01-11 22:07 EST (History)
2 users (show)

See Also:
Fixed In Version: RHBA-2006-0169
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-01-06 15:19:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to remove invalid permission checking (546 bytes, patch)
2005-09-28 11:04 EDT, Ben Marzinski
no flags Details | Diff

  None (edit)
Description Axel Thimm 2005-09-22 09:34:54 EDT
Description of problem:
Samba 3 opens fds as root, then setuids to the connecting user. Trying to access
these fds are falsly checked against the new effective uid, instead of the old
one at open time.

Version-Release number of selected component (if applicable):
GFS-kernel-2.6.9-35.5

How reproducible:
always

Steps to Reproduce:
1.open("somefile", O_RDWR, 0600) as root
2.switch to a user with set(res)uid/gid, who doesn't have write access to this   
  file
3.Try to expand this file with ftruncate

(note: the above is what samba does and fails, simply writing to that file
should also fail)

Actual results:
The ftruncate fails

Expected results:
ftruncate should succeed.

Additional info:
This bug is exhibited by Samba when placing its *.tdb database files containing
metadata about locks, connections, crypt tokens etc. on a GFS filesystem.
The latter trick is vital for creating a poor-man's-clustered-samba solution.

See also the mail thread in the URL.
Comment 1 Ben Marzinski 2005-09-23 15:52:24 EDT
Actually, it seems like only setattr requests are incorrectly checked.  Reads and
writes are POSIX compliant.
Comment 2 Axel Thimm 2005-09-24 09:41:29 EDT
Do you mean setxattr from the POSIX ACL draft? Perhaps that one, too, but
already ftruncate fails (resizing a file).
Comment 3 Ben Marzinski 2005-09-26 10:15:01 EDT
I actually mean system calls that use the filesystem specific setattr hook in VFS
(which is linked to gfs_setattr in gfs. This is where the bug is). Truncating a
file is one such call. Sorry for not being clear about that.  The only question
I have is why IS gfs checking permissions in gfs_setattr. I'm trying to make sure
that there isn't some reason why it is necessary.  I currently can't see one. If
it's unnecessary, I'll just remove the check. If it is... that's a little more
complicated.
Comment 4 Ben Marzinski 2005-09-27 15:54:06 EDT
I pulled the check from gfs_setattr
Comment 5 Axel Thimm 2005-09-27 20:42:18 EDT
Is this as trivial to fix on RHEL4U1 (or U2) as it sounds? Otherwise could you
provide a patch? I'd like to continue tetsing Samba on GFS.

Thanks for the fast fix!
Comment 6 Ben Marzinski 2005-09-28 11:04:25 EDT
Created attachment 119371 [details]
patch to remove invalid permission checking

Here is a patch that should apply cleanly to any RHEL4 kernel, that will fix
this
Comment 7 Ben Marzinski 2005-09-28 11:07:43 EDT
You can also checkout the RHEL4 branch of CVS, which has this change.
Unfortunately it is too late in the release cycle to restart QA. So unless the
U2 kernel changes (which will force us to retest anyway) this fix will not make
it into U2.
Comment 9 Ben Marzinski 2005-10-10 19:26:51 EDT
This fix will not make the U2 release.
Comment 10 Axel Thimm 2005-10-10 19:39:36 EDT
Does that mean that it will only apper on U3, or will there be updated
GFS-kernel packages before that?

If the fix takes too long to surface rhn channels I would repackage GFS-kernel
for RHELU2 with the patch from comment #6. I could also make them unofficially
available through ATrpms, if there is interest.
Comment 12 Red Hat Bugzilla 2006-01-06 15:19:53 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0169.html

Note You need to log in before you can comment on or make changes to this bug.