nfs permission escalation?
Matthew Dillon
dillon at apollo.backplane.com
Sat Oct 8 08:59:35 PDT 2005
:Yes, but should we fix it (by querying always?) or is this a common
:problem for other implementations as well?
:
:cheers
: simon
:
:--
:Serve - BSD +++ RENT this banner advert +++ ASCII Ribbon /"\
The problem is that the NFS protocol is broken. There are a huge number
of places in the kernel where 'root' accesses a file handle. For example,
the VM paging code, the filesystem sync code, the buffer cache, etc...
The NFS server should, rightly, map root requests to the UID of the
object on the server (if not root), rather then require that the NFS
client map the requests to the UID of the object on the server.
FreeBSD has all sorts of cred hacks to try to issue the same NFS creds
that were originally used to cache the data. It's a holy mess and I
ripped it all out of Dragonfly (and I'm not putting it back in). Root
*has* to be able to properly access data. These hacks are stop-gaps
at best... if you have multiple non-root users accessing a file with some
accessing it read-write and others accessing it read-only, it will blow
up on FreeBSD too.
The client has no knowledge of the exports mapping, and it can't do it
itself. The only real solution to this problem is for the NFS server
to do the right thing with root-cred requests (map them to the uid/gid
of the object when the object is not 0/0, and map them to -2/-2
otherwise).
-Matt
Matthew Dillon
<dillon at xxxxxxxxxxxxx>
More information about the Bugs
mailing list