
kernel-packages team mailing list archive

[Bug 833300] Re: NFSv4 mount point does not allow binary files to run when permissions are set only to execute

 

This release has reached end-of-life [0].

[0] https://wiki.ubuntu.com/Releases

** Changed in: linux (Ubuntu Maverick)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/833300

Title:
  NFSv4 mount point does not allow binary files to run when permissions
  are set only to execute

Status in The Linux Kernel:
  Confirmed
Status in “linux” package in Ubuntu:
  Fix Released
Status in “linux” source package in Lucid:
  Fix Released
Status in “linux” source package in Maverick:
  Invalid
Status in “linux” source package in Natty:
  Fix Released
Status in “linux” source package in Oneiric:
  Fix Released
Status in “linux” source package in Precise:
  Fix Released

Bug description:
  Affected releases:
  - Lucid, Natty when running NFSv4

  One cannot run binary files when permissions are set to ---x--x--x on
  systems running NFSv4.

  Expected behaviour:
  - Allow binaries to run by just having --x (execute) permissions. This works when the mount point is created using NFSv3. According to the literature, if it is a binary, it makes an exec() call to the kernel; therefore you don't need to have (read) permissions on the file.

  PS: Scripts run as expected when they have r-x permissions. Since
  scripts have to pass through an interpreter (perl, bash), they do need
  to have (read and exec) permissions.

  Steps to reproduce

  1. Install nfs
  2. configure /etc/export
  /data/nfs	*(rw,fsid=0,sync,no_subtree_check)
  3. Mount using nfsv4
  sudo mount -t nfs4 -o proto=tcp,port=2049 localhost:/ /mnt

  4. cd /mnt
  ls -la a.out script.sh 
  ---x--x--x 1 ubuntu ubuntu 8461 2011-08-24 17:59 a.out
  ---x--x--x 1 ubuntu ubuntu   27 2011-08-24 17:58 script.sh
  5. running binary and script
  ubuntu@ip-10-194-34-180:/mnt$ ./a.out 
  -bash: ./a.out: Permission denied
  ubuntu@ip-10-194-34-180:/mnt$ ./script.sh 
  -bash: ./script.sh: Permission denied

  ubuntu@ip-10-194-34-180:/mnt$ mount -v
  /dev/sda1 on / type ext3 (rw)
  proc on /proc type proc (rw,noexec,nosuid,nodev)
  none on /sys type sysfs (rw,noexec,nosuid,nodev)
  none on /sys/kernel/debug type debugfs (rw)
  none on /sys/kernel/security type securityfs (rw)
  none on /dev type devtmpfs (rw,mode=0755)
  none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
  none on /dev/shm type tmpfs (rw,nosuid,nodev)
  none on /var/run type tmpfs (rw,nosuid,mode=0755)
  none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
  none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
  nfsd on /proc/fs/nfsd type nfsd (rw)
  rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
  localhost:/ on /mnt type nfs4 (rw,proto=tcp,port=2049,clientaddr=127.0.0.1,addr=127.0.0.1)


  ==
  When running nfsv3
  1. sudo mount -t nfs -o vers=3 localhost:/data/nfs /mnt

  2. testing again
  ubuntu@ip-10-194-34-180:/mnt$ ./a.out 
  Hello Ubuntu!
  ubuntu@ip-10-194-34-180:/mnt$ ./script.sh 
  /bin/bash: ./script.sh: Permission denied
  ubuntu@ip-10-194-34-180:/mnt$ 

  ubuntu@ip-10-194-34-180:~$ mount -v
  /dev/sda1 on / type ext3 (rw)
  proc on /proc type proc (rw,noexec,nosuid,nodev)
  none on /sys type sysfs (rw,noexec,nosuid,nodev)
  none on /sys/kernel/debug type debugfs (rw)
  none on /sys/kernel/security type securityfs (rw)
  none on /dev type devtmpfs (rw,mode=0755)
  none on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
  none on /dev/shm type tmpfs (rw,nosuid,nodev)
  none on /var/run type tmpfs (rw,nosuid,mode=0755)
  none on /var/lock type tmpfs (rw,noexec,nosuid,nodev)
  none on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
  nfsd on /proc/fs/nfsd type nfsd (rw)
  rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
  localhost:/data/nfs on /mnt type nfs (rw,vers=3,addr=127.0.0.1)
  --- 
  AlsaVersion: Advanced Linux Sound Architecture Driver Version 1.0.23.
  AplayDevices: Error: [Errno 2] No such file or directory
  Architecture: amd64
  ArecordDevices: Error: [Errno 2] No such file or directory
  AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/by-path', '/dev/snd/controlC0', '/dev/snd/pcmC0D0c', '/dev/snd/pcmC0D0p', '/dev/snd/pcmC0D1p', '/dev/snd/midiC0D0', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
  CRDA: Error: [Errno 2] No such file or directory
  Card0.Amixer.info: Error: [Errno 2] No such file or directory
  Card0.Amixer.values: Error: [Errno 2] No such file or directory
  CurrentDmesg:
   [    3.585529] NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
   [    3.585840] NFSD: starting 90-second grace period
   [   13.220124] eth0: no IPv6 routers present
  DistroRelease: Ubuntu 11.04
  HibernationDevice: RESUME=UUID=de537731-98cc-4485-a83e-21a766dd1354
  IwConfig:
   lo        no wireless extensions.
   
   eth0      no wireless extensions.
  Lsusb: Bus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
  MachineType: Bochs Bochs
  Package: linux (not installed)
  ProcEnviron:
   LANGUAGE=en_US:
   LANG=en_US
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-2.6.38-10-server root=/dev/mapper/hostname-root ro quiet
  ProcVersionSignature: Ubuntu 2.6.38-10.46-server 2.6.38.7
  RelatedPackageVersions:
   linux-restricted-modules-2.6.38-10-server N/A
   linux-backports-modules-2.6.38-10-server  N/A
   linux-firmware                            1.52
  RfKill:
   
  Tags:  natty
  Uname: Linux 2.6.38-10-server x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
  dmi.bios.date: 01/01/2007
  dmi.bios.vendor: Bochs
  dmi.bios.version: Bochs
  dmi.chassis.type: 1
  dmi.chassis.vendor: Bochs
  dmi.modalias: dmi:bvnBochs:bvrBochs:bd01/01/2007:svnBochs:pnBochs:pvr:cvnBochs:ct1:cvr:
  dmi.product.name: Bochs
  dmi.sys.vendor: Bochs

To manage notifications about this bug go to:
https://bugs.launchpad.net/linux/+bug/833300/+subscriptions
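
An added example, not part of the original report or of any kernel fix: a POSIX shell audit that lists files on NFSv4 mounts carrying an execute bit without the matching read bit (the ---x--x--x case above) and labels each as ELF binary or script, since the report expects only the former to run. The function names are hypothetical, and `mount -v` output is assumed to have the format shown in the report (mount points without spaces).

```shell
#!/bin/sh
# Audit helper for the exec-without-read case described in the bug report.

# Read `mount -v` output on stdin; print mount points whose type is nfs4.
nfs4_mounts() {
    awk '$2 == "on" && $4 == "type" && $5 == "nfs4" { print $3 }'
}

# List regular files under DIR where some permission class (owner, group
# or other) has execute set but read cleared, e.g. mode 0111.
exec_without_read() {
    find "$1" -xdev -type f \( \
        \( -perm -100 ! -perm -400 \) -o \
        \( -perm -010 ! -perm -040 \) -o \
        \( -perm -001 ! -perm -004 \) \) -print
}

# Classify a file by its first bytes. A caller without read access (or an
# empty file) yields "unreadable", so run the audit with read privileges.
kind_of() {
    magic=$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;         # "\177ELF": exec() alone should suffice
        2321*)    echo script ;;      # "#!": the interpreter also needs read
        "")       echo unreadable ;;
        *)        echo other ;;
    esac
}

# Walk every NFSv4 mount and print: mount point, kind, path (tab separated).
audit_nfs4() {
    mount -v | nfs4_mounts | while IFS= read -r mp; do
        exec_without_read "$mp" | while IFS= read -r f; do
            printf '%s\t%s\t%s\n' "$mp" "$(kind_of "$f")" "$f"
        done
    done
}

# Only touch the live system when explicitly asked to.
if [ "${1:-}" = "--run" ]; then
    audit_nfs4
fi
```

Files reported as `elf` are the ones that fail with "Permission denied" on an affected NFSv4 client; files reported as `script` fail on NFSv3 as well until read permission is granted.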