Bug 14712

Summary:	[nfs] root has access to NFS mounted directories with maproot=nobody
Product:	Base System	Reporter:	vladimir <vladimir>
Component:	kern	Assignee:	Remko Lodder <remko>
Status:	Closed FIXED
Severity:	Affects Only Me
Priority:	Normal
Version:	3.3-STABLE
Hardware:	Any
OS:	Any

Description vladimir 1999-11-04 21:00:01 UTC

Root on a client is allowed to list the directory contents, even if 
the mode of the directory is 711.     Directory is NFS-mounted
using NFS vers.2.

Fix: 

Don't know.    I also have 2 linux clients mounting directories
from the same server.    root on one of them has access to restricted
directories, on the other it has no access (kernels have different versions).

I'll be happy to provide tcpdump output of NFS packets and any other
additional informations.
How-To-Repeat: 
galileo: BSD NFS server 
galois: NFS client (solaris 7)
On galileo:
$ ls -ld /export/4/magma
drwx--x--x  7 magma  math  512 Nov  1 15:36 /export/4/magma/

On galois:

# mount -o vers=2 galileo:/export/4 /mnt
# ls /mnt/magma
LAB_HOME/     Magma2.3/     Magma2.6/     public_html@
Magma2.2/     Magma2.4/     Mailbox
# umount /mnt 
# mount -o vers=3 galileo:/export/4 /mnt
# ls /mnt/magma
/mnt/magma: Permission denied

NFS version 3 mount produces expected results.   With NFS v.2
root is allowed to access directory.

Comment 1 Mike Barcroft freebsd_committer

2001-07-21 03:32:27 UTC

State Changed
From-To: open->feedback


Does this problem still occur in newer versions of FreeBSD, 
such as 4.3-RELEASE?

Comment 2 Mike Barcroft freebsd_committer

2001-07-21 18:23:29 UTC

Adding to Audit-Trail.

On Sat, Jul 21, 2001 at 09:59:54AM -0500, Vladimir V. Egorin wrote:
> On Fri, Jul 20, 2001 at 07:32:47PM -0700, mike@FreeBSD.org wrote:
> 	> Synopsis: root has access to NFS mounted directories with maproot=nobody
> 	> 
> 	> State-Changed-From-To: open->feedback
> 	> State-Changed-By: mike
> 	> State-Changed-When: Fri Jul 20 19:32:27 PDT 2001
> 	> State-Changed-Why: 
> 	> 
> 	> Does this problem still occur in newer versions of FreeBSD,
> 	> such as 4.3-RELEASE?
> 	> 
> 	> http://www.FreeBSD.org/cgi/query-pr.cgi?pr=14712
> 
> The problem is still there:
> 
> On the NFS server:
> # ls -ld /var/test
> drwx--x--x  2 root  wheel  512 Jul 21 09:55 /var/test
> # touch /var/test/file
> 
> On the NFS server:
> /var is shared: (/etc/exports)
> /var -maproot=nobody
> 
> 
> On the client:
> 
> # mount -o vers=3 hopper:/var /mnt
> # ls /mnt/test
> /mnt/test: Permission denied
> 
> 
> # umount /mnt
> # mount -o vers=2 hopper:/var /mnt
> # ls /mnt/test
> file
> 
> Please let me know if you need any debugging help.
> -- 
> Vladimir

Comment 3 Mike Barcroft freebsd_committer

2001-07-21 18:24:31 UTC

Adding to Audit-Trail.

On Sat, Jul 21, 2001 at 10:02:23AM -0500, Vladimir V. Egorin wrote:
> Forgot to add: the system (NFS server) is running 
> 4.3-STABLE (cvsup'ed on Jun 5).
> 
> 
> -- 
> Vladimir

Comment 4 Mike Barcroft freebsd_committer

2001-07-21 18:32:36 UTC

Responsible Changed
From-To: freebsd-bugs->iedowse


Sending PR to Ian Dowse <iedowse@FreeBSD.org>.  Ian, I'm hoping you'll 
be able to solve this longstanding problem with NFS.

Comment 5 Mike Barcroft freebsd_committer

2001-07-21 18:35:34 UTC

State Changed
From-To: feedback->analyzed


Originator's comments are in the Audit-Trail.

Comment 6 Remko Lodder freebsd_committer

2006-12-30 11:22:23 UTC

State Changed
From-To: analyzed->feedback

Hello, is nfsv2 still in use?

Comment 7 Remko Lodder freebsd_committer

2006-12-30 11:22:23 UTC

Responsible Changed
From-To: iedowse->remko

grab the pr to get feedback. i noticed the behaviour is still there 
probably because of lacking information in v2 (which is there in v3 
and later).

Comment 8 Remko Lodder freebsd_committer

2007-01-27 19:00:29 UTC

State Changed
From-To: feedback->closed

feedback timeout