2019-04-10 03:28:08 |
Ryan Stark |
description |
When upgrading from xenial kernel (4.4.0-145) to linux-image-generic-hwe-16.04 (4.15.0-47) I am no longer able to run an application that checks its data directory for write access/path traversal when that directory is an NFS share. This works on 4.4 and 3.13 kernels that I tested with but fails on 4.15. I'm using NFSv3 and have seen the behavior with both a Synology NAS as the nfs-server as well as my xenial desktop as the nfs-server.
To reproduce:
0.) Boot test machine with kernel 4.15.0-47
1.) set up an NFS export on another machine (nfs-server)
/etc/exports:
/srv/nfstest 192.168.100.100(rw,sync,no_subtree_check)
2.) mount the NFS share on the test machine and give a non-root user ownership of the mount, in my case I have a user: aptly, with home=/var/lib/aptly, and I mounted the NFS at /var/lib/aptly/test. aptly:aptly owns /var/lib/aptly/test.
/etc/fstab:
192.168.100.101:/srv/nfstest /var/lib/aptly/test nfs rw,mountvers=3
3.) attempt to call access.W_OK on the mount as the non-root user `strace ./testaccess.py`
stderr:
...
access("/var/lib/aptly/test", W_OK) = -1 EACCES (Permission denied)
...
stdout:
('Writeable:', False)
('user r,e,s', (5062, 5062, 5062))
('group r,e,s', (5062, 5062, 5062))
posix.stat_result(st_mode=16895, st_ino=101188113, st_dev=48, st_nlink=3, st_uid=5062, st_gid=5062, st_size=4096, st_atime=1554858490, st_mtime=1554858633, st_ctime=1554858633)
testaccess.py:
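#!/usr/bin/python
import os
import sys
from pprint import pprint

directory = '/var/lib/aptly/test'

if __name__ == "__main__":
    # Ask the kernel whether the calling user may write to the directory
    writeable = os.access(directory, os.W_OK)
    print("Writeable:", writeable)
    # Real, effective and saved IDs of the calling process
    print("user r,e,s", os.getresuid())
    print("group r,e,s", os.getresgid())
    # Ownership and mode as reported by stat()
    pprint(os.stat(directory))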
---
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Apr 9 18:53 seq
crw-rw---- 1 root audio 116, 33 Apr 9 18:53 timer
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 2.20.1-0ubuntu2.18
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
DistroRelease: Ubuntu 16.04
HibernationDevice: RESUME=/dev/mapper/pao03--aptly01--vg-swap_1
InstallationDate: Installed on 2019-04-09 (1 days ago)
InstallationMedia: Ubuntu-Server 16.04.5 LTS "Xenial Xerus" - Release amd64 (20180731)
IwConfig: Error: [Errno 2] No such file or directory
Lsusb: Error: command ['lsusb'] failed with exit code 1:
MachineType: VMware, Inc. VMware Virtual Platform
Package: linux (not installed)
PciMultimedia:
ProcFB: 0 svgadrmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-47-generic root=/dev/mapper/pao03--aptly01--vg-root ro
ProcVersionSignature: Ubuntu 4.15.0-47.50~16.04.1-generic 4.15.18
RelatedPackageVersions:
linux-restricted-modules-4.15.0-47-generic N/A
linux-backports-modules-4.15.0-47-generic N/A
linux-firmware 1.157.21
RfKill: Error: [Errno 2] No such file or directory
Tags: xenial xenial
Uname: Linux 4.15.0-47-generic x86_64
UnreportableReason: The report belongs to a package that is not installed.
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
_MarkForUpload: False
dmi.bios.date: 07/28/2017
dmi.bios.vendor: Phoenix Technologies LTD
dmi.bios.version: 6.00
dmi.board.name: 440BX Desktop Reference Platform
dmi.board.vendor: Intel Corporation
dmi.board.version: None
dmi.chassis.asset.tag: No Asset Tag
dmi.chassis.type: 1
dmi.chassis.vendor: No Enclosure
dmi.chassis.version: N/A
dmi.modalias: dmi:bvnPhoenixTechnologiesLTD:bvr6.00:bd07/28/2017:svnVMware,Inc.:pnVMwareVirtualPlatform:pvrNone:rvnIntelCorporation:rn440BXDesktopReferencePlatform:rvrNone:cvnNoEnclosure:ct1:cvrN/A:
dmi.product.name: VMware Virtual Platform
dmi.product.version: None
dmi.sys.vendor: VMware, Inc. |
|
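Added example, not part of the original report and not the reporter's code: a Python 3 triage script that puts the `access(W_OK)` answer next to what the `stat()` mode bits imply and next to the result of actually creating a file, so a disagreement like the one reported (mode 16895, owner 5062, yet `EACCES`) is visible in one run. The function names and the `.wprobe-` file prefix are assumptions made for this example.

```python
import errno
import os
import stat
import sys
import tempfile


def mode_allows_write(mode, st_uid, st_gid, uid, gids):
    """Owner/group/other check on stat() mode bits only (ignores ACLs and root)."""
    if uid == st_uid:
        return bool(mode & stat.S_IWUSR)
    if st_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def write_probe(directory):
    """Create and delete a temp file: the actual outcome, not a prediction."""
    try:
        fd, path = tempfile.mkstemp(prefix=".wprobe-", dir=directory)
    except OSError as e:
        return False, errno.errorcode.get(e.errno, str(e.errno))
    os.close(fd)
    os.unlink(path)
    return True, None


def diagnose(directory):
    st = os.stat(directory)
    gids = set(os.getgroups()) | {os.getegid()}
    access_ok = os.access(directory, os.W_OK)  # access(2) uses the real uid/gid
    probe_ok, probe_err = write_probe(directory)
    return {
        "mode": stat.filemode(st.st_mode),
        "access_w_ok": access_ok,
        "mode_bits_allow": mode_allows_write(
            st.st_mode, st.st_uid, st.st_gid, os.geteuid(), gids),
        "probe_ok": probe_ok,
        "probe_errno": probe_err,
        # True when access() and a real write attempt disagree
        "mismatch": access_ok != probe_ok,
    }


if __name__ == "__main__":
    # Default path is the mount point used in the report above
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/aptly/test"
    for key, value in diagnose(target).items():
        print(key, value)
```

Run it as the affected user on both kernels; a row with `mode_bits_allow True` and `access_w_ok False` reproduces the reported symptom, and `probe_ok` shows whether a real write is also refused.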