Bug 623637 - [RHEL 4] Fix nfsd4 permissions problem
Summary: [RHEL 4] Fix nfsd4 permissions problem
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: kernel
Version: 4.8
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Red Hat Kernel Manager
QA Contact: Red Hat Kernel QE team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-08-12 11:30 UTC by Sachin Prabhu
Modified: 2018-11-14 18:47 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-14 19:56:35 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
User provided patch (1.03 KB, patch)
2010-08-12 11:33 UTC, Sachin Prabhu
no flags Details | Diff

Description Sachin Prabhu 2010-08-12 11:30:08 UTC
We have a customer request to backport the following patch

commit 7fc90ec93a5eb71f4b08403baf5ba7176b3ec6b1
Author: J. Bruce Fields <bfields.edu>
Date:   Fri Jun 30 01:56:14 2006 -0700

    [PATCH] knfsd: nfsd: call nfsd_setuser() on fh_compose(), fix nfsd4 permissions problem

This patch also needs to be followed by

commit d1bbf14f37261c2c0dba71404602e1ddcec069d2
Author: NeilBrown <neilb>
Date:   Sun Jul 30 03:03:16 2006 -0700

    [PATCH] knfsd: Fix stale file handle problem with subtree_checking.

which fixes a bug in the original patch.

Copying the description from the earlier patch

--
From: J. Bruce Fields <bfields.edu>

In the typical v2/v3 case the only new filehandles used as arguments to
operations are filehandles taken directly off the wire, which don't get
dentries until fh_verify() is called.

But in v4 the filehandles that are arguments to operations were often
created by previous operations (putrootfh, lookup, etc.) using
fh_compose, which sets the dentry in the filehandle without calling
nfsd_setuser().

This also means that, for example, if filesystem B is mounted on filesystem
A, and filesystem A is exported without root-squashing, then a client can
bypass the rootsquashing on B using a compound that starts at a filehandle
in A, crosses into B using lookups, and then does stuff in B.
--

Comment 2 Sachin Prabhu 2010-08-12 11:33:46 UTC
Created attachment 438406 [details]
User provided patch

Patch which combines the changes in 
git commits
7fc90ec93a5eb71f4b08403baf5ba7176b3ec6b1
and
d1bbf14f37261c2c0dba71404602e1ddcec069d2


Note You need to log in before you can comment on or make changes to this bug.