Bug 956957 - nfs-root-squash: rename creates a file on a file residing inside a sticky bit set directory
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: glusterd
Version: 2.1
Hardware: x86_64
OS: All
Priority: high
Severity: urgent
Target Milestone: ---
Target Release: ---
Assignee: Raghavendra Bhat
QA Contact: Saurabh
URL:
Whiteboard:
Depends On:
Blocks: 958691
Reported: 2013-04-26 05:40 UTC by Saurabh
Modified: 2016-01-19 06:11 UTC (History)

Fixed In Version: glusterfs-3.4.0.5rhs-1
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 958691 (view as bug list)
Environment:
Last Closed: 2013-09-23 22:39:35 UTC
Embargoed:



Description Saurabh 2013-04-26 05:40:45 UTC
Description of problem:
A directory with the sticky bit set allows creating a new file with UID:GID as root:root while trying to rename a file inside it.

Version-Release number of selected component (if applicable):
glusterfs-3.4.0.1rhs-1.el6rhs.x86_64

How reproducible:
always

Steps to Reproduce:
1. Create dist-rep volume; start the volume
2. create directory "dir"
3. chmod 1777 dir

[root@rhsauto020 nfs-test]# ls -l
total 31457281
-rw-r--r--. 1 root root 32212254732 Apr 25 17:34 30GBfile
drwxrwxrwt. 2 root root         138 Apr 25 18:39 dir
drwxr-xr-x. 2 root root          36 Apr 25 18:32 dir1

4. create files inside this "dir"

[root@rhsauto020 nfs-test]# ls -l dir/
total 0
-rw-r--r--. 1 root root 0 Apr 25 18:33 file1
-rwxrwxrwx. 1 root root 0 Apr 25 18:33 file2


5. enable root-squash

[root@rhs-goldman1 ~]# ./root-squash-enable.sh 
VOLNAME:dist-rep
volume set: success

6. mv dir/file1 dir/file11
   or
   mv dir/file2 dir/file22
  
Actual results:

[root@rhsauto020 nfs-test]# mv dir/file1 dir/file11
[root@rhsauto020 nfs-test]# ls -l dir/
total 0
-rw-r--r--. 2 root root 0 Apr 25 18:33 file1
-rw-r--r--. 2 root root 0 Apr 25 18:33 file11
-rwxrwxrwx. 1 root root 0 Apr 25 18:33 file2
[root@rhsauto020 nfs-test]# mv dir/file2 dir/file22
[root@rhsauto020 nfs-test]# ls -l dir/
total 0
-rw-r--r--. 2 root root 0 Apr 25 18:33 file1
-rw-r--r--. 2 root root 0 Apr 25 18:33 file11
-rwxrwxrwx. 2 root root 0 Apr 25 18:33 file2
-rwxrwxrwx. 2 root root 0 Apr 25 18:33 file22



[root@rhsauto020 dir]# touch file3
[root@rhsauto020 dir]# ls -l
total 0
-rw-r--r--. 2 root      root      0 Apr 25 18:33 file1
-rw-r--r--. 2 root      root      0 Apr 25 18:33 file11
-rwxrwxrwx. 2 root      root      0 Apr 25 18:33 file2
-rwxrwxrwx. 2 root      root      0 Apr 25 18:33 file22
-rw-r--r--. 1 nfsnobody nfsnobody 0 Apr 25 18:34 file3

Expected results:
Permission should be denied to rename.

Additional info:
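
The check below turns step 6 and the expected/actual results of this report into a repeatable regression test. It is an added example, not part of the original bug report or of GlusterFS; the function names are hypothetical, and it assumes a POSIX shell run on the NFS client inside the root-squashed mount.

```shell
#!/bin/sh
# Added example: classify what a rename attempt left behind, as seen
# from the NFS client. Function names are hypothetical.

# rename_outcome SRC DST prints one of:
#   denied      SRC still exists, DST absent (the report's expected result)
#   renamed     SRC gone, DST exists (an ordinary successful rename)
#   hardlinked  both names exist on one inode (the report's actual result)
#   unknown     any other state
rename_outcome() {
    if [ -e "$1" ] && [ ! -e "$2" ]; then
        echo denied
    elif [ ! -e "$1" ] && [ -e "$2" ]; then
        echo renamed
    elif [ -e "$1" ] && [ -e "$2" ] && [ "$1" -ef "$2" ]; then
        echo hardlinked
    else
        echo unknown
    fi
}

# check_sticky_rename DIR NAME NEWNAME
# Repeats step 6 and succeeds (exit 0) only if the rename was refused.
check_sticky_rename() {
    [ -k "$1" ] || { echo "not a sticky directory: $1" >&2; return 2; }
    [ -e "$1/$3" ] && { echo "target already exists: $1/$3" >&2; return 2; }
    mv "$1/$2" "$1/$3" 2>/dev/null || :
    outcome=$(rename_outcome "$1/$2" "$1/$3")
    echo "$outcome"
    [ "$outcome" = denied ]
}

# sticky_multilink DIR lists regular files under a sticky DIR whose link
# count is above 1, i.e. leftovers like file1/file11 in the listing above.
sticky_multilink() {
    [ -k "$1" ] || return 2
    find "$1" -type f -links +1
}
```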

Comment 2 Saurabh 2013-04-26 06:33:24 UTC
Client used is RHEL 6.4

Comment 4 Raghavendra Bhat 2013-05-08 10:55:53 UTC
https://code.engineering.redhat.com/gerrit/#/c/7257/ has been submitted for review.

Comment 6 Scott Haines 2013-09-23 22:39:35 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. 

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1262.html

Comment 7 Scott Haines 2013-09-23 22:43:45 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. 

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-1262.html

