kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #07686
[Bug 833300] Re: NFSv4 mount point does not allow binary files to run when permissions are set only to execute
This release has reached end-of-life [0].
[0] https://wiki.ubuntu.com/Releases
** Changed in: linux (Ubuntu Maverick)
Status: New => Invalid
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/833300
Title:
NFSv4 mount point does not allow binary files to run when permissions
are set only to execute
Status in The Linux Kernel:
Confirmed
Status in “linux” package in Ubuntu:
Fix Released
Status in “linux” source package in Lucid:
Fix Released
Status in “linux” source package in Maverick:
Invalid
Status in “linux” source package in Natty:
Fix Released
Status in “linux” source package in Oneiric:
Fix Released
Status in “linux” source package in Precise:
Fix Released
Bug description:
Affected releases:
- Lucid, Natty when running NFSv4
One cannot run binary files when permissions are set to ---x--x--x on
systems running NFSv4.
Expected behaviour:
- Allow binaries to run by just having --x (execute) permissions. This works when the mount point is created using NFSv3. According to the literature if it is a binary it makes an exec() call to the kernel therefore you don't need to have (read) permissions on the file.
PS: Scripts run as expected when they have the following r-x
permissions. Since scripts have to pass by an interpreter ( perl, bash
) they do need to have (read and exec) permissions.
Steps to reproduce
1. Install nfs
2. configure /etc/export
/data/nfs *(rw,fsid=0,sync,no_subtree_check)
3. Mount using nfsv4
sudo mount -t nfs4 -o proto=tcp,port=2049 localhost:/ /mnt
4. cd /mnt
ls -la a.out script.sh
---x--x--x 1 ubuntu ubuntu 8461 2011-08-24 17:59 a.out
---x--x--x 1 ubuntu ubuntu 27 2011-08-24 17:58 script.sh
5. running binary and script
ubuntu@ip-10-194-34-180:/mnt$ ./a.out
-bash: ./a.out: Permission denied
ubuntu@ip-10-194-34-180:/mnt$ ./script.sh
-bash: ./script.sh: Permission denied
ubuntu@ip-10-194-34-180:/mnt$ mount -v
/dev/sda1 on / type ext3 (rw)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
nfsd on /proc/fs/nfsd type nfsd (rw)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
localhost:/ on /mnt type nfs4 (rw,proto=tcp,port=2049,clientaddr=127.0.0.1,addr=127.0.0.1)
==
When running nfsv3
1. sudo mount -t nfs -o vers=3 localhost:/data/nfs /mnt
2. testing again
ubuntu@ip-10-194-34-180:/mnt$ ./a.out
Hello Ubuntu!
ubuntu@ip-10-194-34-180:/mnt$ ./script.sh
/bin/bash: ./script.sh: Permission denied
ubuntu@ip-10-194-34-180:/mnt$
ubuntu@ip-10-194-34-180:~$ mount -v
/dev/sda1 on / type ext3 (rw)
proc on /proc type proc (rw,noexec,nosuid,nodev)
none on /sys type sysfs (rw,noexec,nosuid,nodev)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /dev type devtmpfs (rw,mode=0755)
none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
none on /dev/shm type tmpfs (rw,nosuid,nodev)
none on /var/run type tmpfs (rw,nosuid,mode=0755)
none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
nfsd on /proc/fs/nfsd type nfsd (rw)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
localhost:/data/nfs on /mnt type nfs (rw,vers=3,addr=127.0.0.1)
---
AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.23.
AplayDevices: Error: [Errno 2] No such file or directory
Architecture: amd64
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', '/dev/snd/controlC0', '/dev/snd/pcmC0D0c', '/dev/snd/pcmC0D0p', '/dev/snd/pcmC0D1p', '/dev/snd/midiC0D0', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
CRDA: Error: [Errno 2] No such file or directory
Card0.Amixer.info: Error: [Errno 2] No such file or directory
Card0.Amixer.values: Error: [Errno 2] No such file or directory
CurrentDmesg:
[ 3.585529] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
[ 3.585840] NFSD: starting 90-second grace period
[ 13.220124] eth0: no IPv6 routers present
DistroRelease: Ubuntu 11.04
HibernationDevice: RESUME=UUID=de537731-98cc-4485-a83e-21a766dd1354
IwConfig:
lo no wireless extensions.
eth0 no wireless extensions.
Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
MachineType: Bochs Bochs
Package: linux (not installed)
ProcEnviron:
LANGUAGE=en_US:
LANG=en_US
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-2.6.38-10-server root=/dev/mapper/hostname-root ro quiet
ProcVersionSignature: Ubuntu 2.6.38-10.46-server 2.6.38.7
RelatedPackageVersions:
linux-restricted-modules-2.6.38-10-server N/A
linux-backports-modules-2.6.38-10-server N/A
linux-firmware 1.52
RfKill:
Tags: natty
Uname: Linux 2.6.38-10-server x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
dmi.bios.date: 01/01/2007
dmi.bios.vendor: Bochs
dmi.bios.version: Bochs
dmi.chassis.type: 1
dmi.chassis.vendor: Bochs
dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2007:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr:
dmi.product.name: Bochs
dmi.sys.vendor: Bochs
To manage notifications about this bug go to:
https://bugs.launchpad.net/linux/+bug/833300/+subscriptions