| 2011-08-24 19:25:33 |
Leonardo Borda |
bug |
|
|
added bug |
| 2011-08-24 19:43:25 |
Leonardo Borda |
affects |
nfs-utils (Ubuntu) |
linux (Ubuntu) |
|
| 2011-08-24 19:44:15 |
Leonardo Borda |
bug watch added |
|
http://bugzilla.linux-nfs.org/show_bug.cgi?id=201 |
|
| 2011-08-24 19:48:12 |
Brad Figg |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2011-08-24 22:26:14 |
Leonardo Borda |
bug |
|
|
added subscriber Canonical Support Server |
| 2011-08-25 00:51:49 |
Peter Matulis |
bug task added |
|
linux |
|
| 2011-09-07 16:05:46 |
Leonardo Borda |
tags |
|
apport-collected natty |
|
| 2011-09-07 16:05:48 |
Leonardo Borda |
description |
Affected releases:
- Lucid, Natty when running NFSv4
One cannot run binary files when permissions are set to ---x--x--x on systems running NFSv4.
Expected behaviour:
- Allow binaries to run by just having --x (execute) permissions. This works when the mount point is created using NFSv3. According to the literature if it is a binary it makes an exec() call to the kernel therefore you don't need to have (read) permissions on the file.
PS: Scripts run as expected when they have the following r-x permissions. Since scripts have to pass by an interpreter ( perl, bash ) they do need to have (read and exec) permissions.
Steps to reproduce
1. Install nfs
2. configure /etc/export
/data/nfs *(rw,fsid=0,sync,no_subtree_check)
3. Mount using nfsv4
sudo mount -t nfs4 -o proto=tcp,port=2049 localhost:/ /mnt
4. cd /mnt
ls -la a.out script.sh
---x--x--x 1 ubuntu ubuntu 8461 2011-08-24 17:59 a.out
---x--x--x 1 ubuntu ubuntu 27 2011-08-24 17:58 script.sh
5. running binary and script
ubuntu@ip-10-194-34-180:/mnt$ ./a.out
-bash: ./a.out: Permission denied
ubuntu@ip-10-194-34-180:/mnt$ ./script.sh
-bash: ./script.sh: Permission denied
ubuntu@ip-10-194-34-180:/mnt$ mount -v
/dev/sda1 on / type ext3 (rw)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
nfsd on /proc/fs/nfsd type nfsd (rw)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
localhost:/ on /mnt type nfs4 (rw,proto=tcp,port=2049,clientaddr=127.0.0.1,addr=127.0.0.1)
==
When running nfsv3
1. sudo mount -t nfs -o vers=3 localhost:/data/nfs /mnt
2. testing again
ubuntu@ip-10-194-34-180:/mnt$ ./a.out
Hello Ubuntu!
ubuntu@ip-10-194-34-180:/mnt$ ./script.sh
/bin/bash: ./script.sh: Permission denied
ubuntu@ip-10-194-34-180:/mnt$
ubuntu@ip-10-194-34-180:~$ mount -v
/dev/sda1 on / type ext3 (rw)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
nfsd on /proc/fs/nfsd type nfsd (rw)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
localhost:/data/nfs on /mnt type nfs (rw,vers=3,addr=127.0.0.1) |
Affected releases:
- Lucid, Natty when running NFSv4
One cannot run binary files when permissions are set to ---x--x--x on systems running NFSv4.
Expected behaviour:
- Allow binaries to run by just having --x (execute) permissions. This works when the mount point is created using NFSv3. According to the literature if it is a binary it makes an exec() call to the kernel therefore you don't need to have (read) permissions on the file.
PS: Scripts run as expected when they have the following r-x permissions. Since scripts have to pass by an interpreter ( perl, bash ) they do need to have (read and exec) permissions.
Steps to reproduce
1. Install nfs
2. configure /etc/export
/data/nfs *(rw,fsid=0,sync,no_subtree_check)
3. Mount using nfsv4
sudo mount -t nfs4 -o proto=tcp,port=2049 localhost:/ /mnt
4. cd /mnt
ls -la a.out script.sh
---x--x--x 1 ubuntu ubuntu 8461 2011-08-24 17:59 a.out
---x--x--x 1 ubuntu ubuntu 27 2011-08-24 17:58 script.sh
5. running binary and script
ubuntu@ip-10-194-34-180:/mnt$ ./a.out
-bash: ./a.out: Permission denied
ubuntu@ip-10-194-34-180:/mnt$ ./script.sh
-bash: ./script.sh: Permission denied
ubuntu@ip-10-194-34-180:/mnt$ mount -v
/dev/sda1 on / type ext3 (rw)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
nfsd on /proc/fs/nfsd type nfsd (rw)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
localhost:/ on /mnt type nfs4 (rw,proto=tcp,port=2049,clientaddr=127.0.0.1,addr=127.0.0.1)
==
When running nfsv3
1. sudo mount -t nfs -o vers=3 localhost:/data/nfs /mnt
2. testing again
ubuntu@ip-10-194-34-180:/mnt$ ./a.out
Hello Ubuntu!
ubuntu@ip-10-194-34-180:/mnt$ ./script.sh
/bin/bash: ./script.sh: Permission denied
ubuntu@ip-10-194-34-180:/mnt$
ubuntu@ip-10-194-34-180:~$ mount -v
/dev/sda1 on / type ext3 (rw)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
nfsd on /proc/fs/nfsd type nfsd (rw)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
localhost:/data/nfs on /mnt type nfs (rw,vers=3,addr=127.0.0.1)
---
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.23.
AplayDevices: Error: [Errno 2] No such file or directory
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', '/dev/snd/controlC0', '/dev/snd/pcmC0D0c', '/dev/snd/pcmC0D0p', '/dev/snd/pcmC0D1p', '/dev/snd/midiC0D0', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info: Error: [Errno 2] No such file or directory
Card0.Amixer.values: Error: [Errno 2] No such file or directory
CurrentDmesg:
[ 3.585529] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
[ 3.585840] NFSD: starting 90-second grace period
[ 13.220124] eth0: no IPv6 routers present
DistroRelease: Ubuntu 11.04
HibernationDevice: RESUME=UUID=de537731-98cc-4485-a83e-21a766dd1354
IwConfig:
lo no wireless extensions.
eth0 no wireless extensions.
Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: Bochs Bochs
Package: linux (not installed)
ProcEnviron:
LANGUAGE=en_US:
LANG=en_US
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-2.6.38-10-server root=/dev/mapper/hostname-root ro quiet
ProcVersionSignature: Ubuntu 2.6.38-10.46-server 2.6.38.7
RelatedPackageVersions:
linux-restricted-modules-2.6.38-10-server N/A
linux-backports-modules-2.6.38-10-server N/A
linux-firmware 1.52
RfKill:
Tags: natty
Uname: Linux 2.6.38-10-server x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
dmi.bios.date: 01/01/2007
dmi.bios.vendor: Bochs
dmi.bios.version: Bochs
dmi.chassis.type: 1
dmi.chassis.vendor: Bochs
dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2007:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr:
dmi.product.name: Bochs
dmi.sys.vendor: Bochs |
|
| 2011-09-07 16:05:50 |
Leonardo Borda |
attachment added |
|
AcpiTables.txt https://bugs.launchpad.net/bugs/833300/+attachment/2367913/+files/AcpiTables.txt |
|
| 2011-09-07 16:05:52 |
Leonardo Borda |
attachment added |
|
AlsaDevices.txt https://bugs.launchpad.net/bugs/833300/+attachment/2367914/+files/AlsaDevices.txt |
|
| 2011-09-07 16:05:54 |
Leonardo Borda |
attachment added |
|
BootDmesg.txt https://bugs.launchpad.net/bugs/833300/+attachment/2367915/+files/BootDmesg.txt |
|
| 2011-09-07 16:05:56 |
Leonardo Borda |
attachment added |
|
Lspci.txt https://bugs.launchpad.net/bugs/833300/+attachment/2367916/+files/Lspci.txt |
|
| 2011-09-07 16:05:58 |
Leonardo Borda |
attachment added |
|
PciMultimedia.txt https://bugs.launchpad.net/bugs/833300/+attachment/2367917/+files/PciMultimedia.txt |
|
| 2011-09-07 16:06:00 |
Leonardo Borda |
attachment added |
|
ProcCpuinfo.txt https://bugs.launchpad.net/bugs/833300/+attachment/2367918/+files/ProcCpuinfo.txt |
|
| 2011-09-07 16:06:02 |
Leonardo Borda |
attachment added |
|
ProcCpuinfo_.txt https://bugs.launchpad.net/bugs/833300/+attachment/2367919/+files/ProcCpuinfo_.txt |
|
| 2011-09-07 16:06:04 |
Leonardo Borda |
attachment added |
|
ProcInterrupts.txt https://bugs.launchpad.net/bugs/833300/+attachment/2367920/+files/ProcInterrupts.txt |
|
| 2011-09-07 16:06:06 |
Leonardo Borda |
attachment added |
|
ProcModules.txt https://bugs.launchpad.net/bugs/833300/+attachment/2367921/+files/ProcModules.txt |
|
| 2011-09-07 16:06:10 |
Leonardo Borda |
attachment added |
|
UdevDb.txt https://bugs.launchpad.net/bugs/833300/+attachment/2367922/+files/UdevDb.txt |
|
| 2011-09-07 16:06:12 |
Leonardo Borda |
attachment added |
|
UdevLog.txt https://bugs.launchpad.net/bugs/833300/+attachment/2367923/+files/UdevLog.txt |
|
| 2011-09-07 16:06:14 |
Leonardo Borda |
attachment added |
|
WifiSyslog.txt https://bugs.launchpad.net/bugs/833300/+attachment/2367924/+files/WifiSyslog.txt |
|
| 2011-09-13 23:13:39 |
Tim Gardner |
linux (Ubuntu): status |
Incomplete |
Triaged |
|
| 2011-09-13 23:13:39 |
Tim Gardner |
linux (Ubuntu): assignee |
|
Canonical Kernel Team (canonical-kernel-team) |
|
| 2011-09-13 23:15:01 |
Tim Gardner |
bug |
|
|
added subscriber Tim Gardner |
| 2011-09-14 06:58:45 |
Torsten Spindler |
attachment added |
|
nfs4-execute-only.patch https://bugs.launchpad.net/ubuntu/+source/linux/+bug/833300/+attachment/2401204/+files/nfs4-execute-only.patch |
|
| 2011-09-21 20:49:42 |
Leonardo Borda |
bug |
|
|
added subscriber Jose Plans |
| 2011-10-19 16:51:03 |
Leonardo Borda |
bug watch added |
|
http://bugzilla.linux-nfs.org/show_bug.cgi?id=204 |
|
| 2011-10-19 16:53:03 |
Leonardo Borda |
linux: remote watch |
bugzilla.linux-nfs.org/ #201 |
bugzilla.linux-nfs.org/ #204 |
|
| 2011-10-19 19:56:03 |
Joseph Salisbury |
linux (Ubuntu): importance |
Undecided |
Medium |
|
| 2011-10-19 20:17:24 |
Ubuntu Foundations Team Bug Bot |
tags |
apport-collected natty |
apport-collected natty patch |
|
| 2011-10-19 20:17:26 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Joseph Salisbury |
| 2011-11-16 15:44:16 |
Chris J Arges |
bug |
|
|
added subscriber Chris J Arges |
| 2011-11-16 17:13:15 |
Chris J Arges |
linux (Ubuntu): assignee |
Canonical Kernel Team (canonical-kernel-team) |
Chris J Arges (christopherarges) |
|
| 2011-12-12 21:49:48 |
Chris J Arges |
linux (Ubuntu): status |
Triaged |
In Progress |
|
| 2011-12-15 19:57:26 |
Chris J Arges |
attachment added |
|
0001-nfsd4-permit-read-opens-of-executable-only-files-natty.patch https://bugs.launchpad.net/ubuntu/+source/linux/+bug/833300/+attachment/2635009/+files/0001-nfsd4-permit-read-opens-of-executable-only-files-natty.patch |
|
| 2011-12-15 19:57:55 |
Chris J Arges |
attachment added |
|
0001-nfsd4-permit-read-opens-of-executable-only-files-lucid.patch https://bugs.launchpad.net/ubuntu/+source/linux/+bug/833300/+attachment/2635010/+files/0001-nfsd4-permit-read-opens-of-executable-only-files-lucid.patch |
|
| 2011-12-15 23:50:16 |
Brad Figg |
linux (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2011-12-16 14:57:21 |
Tim Gardner |
nominated for series |
|
Ubuntu Lucid |
|
| 2011-12-16 14:57:21 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Lucid) |
|
| 2011-12-16 14:57:21 |
Tim Gardner |
nominated for series |
|
Ubuntu Natty |
|
| 2011-12-16 14:57:21 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Natty) |
|
| 2011-12-16 14:57:21 |
Tim Gardner |
nominated for series |
|
Ubuntu Oneiric |
|
| 2011-12-16 14:57:21 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Oneiric) |
|
| 2011-12-16 14:57:21 |
Tim Gardner |
nominated for series |
|
Ubuntu Precise |
|
| 2011-12-16 14:57:21 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Precise) |
|
| 2011-12-16 14:57:39 |
Tim Gardner |
linux (Ubuntu Natty): status |
New |
Fix Committed |
|
| 2011-12-16 15:01:00 |
Tim Gardner |
linux (Ubuntu Lucid): status |
New |
Fix Committed |
|
| 2011-12-16 15:45:31 |
Tim Gardner |
linux (Ubuntu Oneiric): status |
New |
Fix Released |
|
| 2011-12-16 15:45:46 |
Tim Gardner |
linux (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
| 2011-12-16 15:47:02 |
Tim Gardner |
nominated for series |
|
Ubuntu Maverick |
|
| 2011-12-16 15:47:02 |
Tim Gardner |
bug task added |
|
linux (Ubuntu Maverick) |
|
| 2012-01-04 18:44:21 |
Herton R. Krzesinski |
tags |
apport-collected natty patch |
apport-collected natty patch verification-needed-natty |
|
| 2012-01-05 07:54:25 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-proposed/linux-lts-backport-natty |
|
| 2012-01-05 07:58:26 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/lucid-proposed/linux-ec2 |
|
| 2012-01-05 08:04:38 |
Launchpad Janitor |
branch linked |
|
lp:ubuntu/maverick-proposed/linux-mvl-dove |
|
| 2012-01-05 12:20:51 |
Herton R. Krzesinski |
tags |
apport-collected natty patch verification-needed-natty |
apport-collected natty patch verification-needed-lucid verification-needed-natty |
|
| 2012-01-05 15:34:52 |
Chris J Arges |
tags |
apport-collected natty patch verification-needed-lucid verification-needed-natty |
apport-collected natty patch verification-done-lucid verification-needed-natty |
|
| 2012-01-05 17:42:46 |
Chris J Arges |
linux (Ubuntu Lucid): assignee |
|
Chris J Arges (christopherarges) |
|
| 2012-01-05 17:45:55 |
Chris J Arges |
tags |
apport-collected natty patch verification-done-lucid verification-needed-natty |
apport-collected natty patch verification-done-lucid verification-failed-natty |
|
| 2012-01-06 18:14:00 |
Chris J Arges |
linux (Ubuntu Natty): assignee |
|
Chris J Arges (christopherarges) |
|
| 2012-01-06 18:14:09 |
Chris J Arges |
tags |
apport-collected natty patch verification-done-lucid verification-failed-natty |
apport-collected natty patch verification-done-lucid verification-done-natty |
|
| 2012-01-24 05:36:45 |
Launchpad Janitor |
linux (Ubuntu Lucid): status |
Fix Committed |
Fix Released |
|
| 2012-01-24 05:36:45 |
Launchpad Janitor |
cve linked |
|
2011-1576 |
|
| 2012-01-24 05:36:45 |
Launchpad Janitor |
cve linked |
|
2011-2203 |
|
| 2012-01-24 05:36:45 |
Launchpad Janitor |
cve linked |
|
2011-4110 |
|
| 2012-01-24 05:40:16 |
Launchpad Janitor |
linux (Ubuntu Natty): status |
Fix Committed |
Fix Released |
|
| 2012-01-24 05:40:16 |
Launchpad Janitor |
cve linked |
|
2011-1162 |
|
| 2012-03-05 03:15:58 |
Curtis Hovey |
removed subscriber Registry Administrators |
|
|
|
| 2012-10-15 20:28:54 |
Chris J Arges |
bug |
|
|
added subscriber Sustaining Engineering |
| 2012-11-21 00:18:52 |
Bug Watch Updater |
linux: status |
Unknown |
Confirmed |
|
| 2012-11-21 00:18:52 |
Bug Watch Updater |
linux: importance |
Unknown |
Medium |
|
| 2013-08-18 17:29:46 |
Julian Wiedmann |
linux (Ubuntu Maverick): status |
New |
Invalid |
|
| 2014-01-30 15:45:56 |
Bug Watch Updater |
linux: status |
Confirmed |
Fix Released |
|
| 2014-02-07 16:03:13 |
Curtis Hovey |
removed subscriber Registry Administrators |
|
|
|
