2015-02-23 16:48:10 |
Bryan Quigley |
bug |
|
|
added bug |
2015-02-23 16:49:43 |
Bryan Quigley |
tags |
|
kernel-bug-exists-upstream |
|
2015-02-23 17:00:08 |
Brad Figg |
linux (Ubuntu): status |
New |
Incomplete |
|
2015-02-23 17:20:05 |
Bryan Quigley |
linux (Ubuntu): status |
Incomplete |
Confirmed |
|
2015-02-23 17:20:36 |
Bryan Quigley |
description |
1) Ubuntu 14.04
2) 3.13 kernel or mainline kernel 3.19.
krb5-user [1.12+dfsg-2ubuntu5.1]
nfs-common [1:1.2.8-6ubuntu1]
3) What should happen:
Start as unpriviledged (in a kerberos sense) user with access to a kerberos protected NFS share (in this case it contains home directories)
kinit user1
ls ~user1 #Test user1 permissions, this should always succeed (and does)
kdestroy #should destroy user1 permissions
kinit user2
ls ~user2# this should succeed!
ls ~user1# this should fail!
4) What happened instead:
After kinit user2:
ls ~user2# this FAILS
ls ~user1# this still WORKS
This appears to be known upstream:
http://www.citi.umich.edu/projects/nfsv4/linux/faq/#krb5_006
Bits and pieces of an earlier attempt at a fix:
http://www.spinics.net/lists/linux-nfs/msg34236.html
nfslogin/logout prototype http://www.citi.umich.edu/projects/asci/icsi-alpha/nfs-utils-patches/1.0.10-asci-2/nfs-utils-1.0.10-asci-017-add_nfslogin.dif
Another bug request: https://fedorahosted.org/gss-proxy/ticket/1 (and linked discussion) |
1) Ubuntu 14.04
2) 3.13 kernel or mainline kernel 3.19.
krb5-user [1.12+dfsg-2ubuntu5.1]
nfs-common [1:1.2.8-6ubuntu1]
3) What should happen:
Start as unpriviledged (in a kerberos sense) user with access to a kerberos protected NFS share (in this case it contains home directories)
kinit user1
ls ~user1 #Test user1 permissions, this should always succeed (and does)
kdestroy #should destroy user1 permissions
kinit user2
ls ~user2# this should succeed!
ls ~user1# this should fail!
4) What happened instead:
After kinit user2:
ls ~user2# this FAILS
ls ~user1# this still WORKS
This appears to be known upstream:
http://www.citi.umich.edu/projects/nfsv4/linux/faq/#krb5_006
Bits and pieces of an earlier attempt at a fix:
http://www.spinics.net/lists/linux-nfs/msg34236.html
nfslogin/logout prototype http://www.citi.umich.edu/projects/asci/icsi-alpha/nfs-utils-patches/1.0.10-asci-2/nfs-utils-1.0.10-asci-017-add_nfslogin.dif
Another bug request: https://fedorahosted.org/gss-proxy/ticket/1 (and linked discussion)
Workarounds:
Unmount/Mount NFS share |
|
2015-02-23 18:49:22 |
Joseph Salisbury |
linux (Ubuntu): importance |
Undecided |
Medium |
|
2015-02-23 18:49:44 |
Joseph Salisbury |
tags |
kernel-bug-exists-upstream |
kernel-bug-exists-upstream kernel-da-key |
|
2015-02-23 20:33:15 |
Bryan Quigley |
tags |
kernel-bug-exists-upstream kernel-da-key |
kernel-da-key |
|
2015-02-23 20:33:18 |
Bryan Quigley |
tags |
kernel-da-key |
kernel-bug-exists-upstream kernel-da-key |
|
2015-02-26 15:32:23 |
Bryan Quigley |
bug watch added |
|
http://bugzilla.kernel.org/show_bug.cgi?id=93891 |
|
2015-02-26 15:32:23 |
Bryan Quigley |
bug task added |
|
linux |
|
2020-05-13 18:55:00 |
Bug Watch Updater |
linux: status |
Unknown |
Confirmed |
|
2020-05-13 18:55:00 |
Bug Watch Updater |
linux: importance |
Unknown |
Medium |
|
2020-05-13 18:55:07 |
Bug Watch Updater |
bug watch added |
|
https://fedorahosted.org/gss-proxy/ticket/1 |
|