On Thu, 10 Jan 2008, Alfred Perlstein wrote:
Pass curthread to various socket routines (socreate(), sobind(), and
soconnect()) instead of &thread0 when establishing a connection to the NFS
server. Otherwise inconsistent credentials may be used when setting up
the NFS socket.
I'm not sure, but I think this may be a regression, I seem to recall that
a long time ago it was switched to &thread0 because otherwise certain
operations can fail due to curthread not running as root.
That's my recollection too. For example, when nfs is configured to bind to
a priviliged local port for making queries or connections, it had to be
done as root. With tcp mounts, the connection can be dropped and a
reconnect required at any time.
This could be implemented by a handoff to a thread that does the appropriate
setuid call beforehand, or perhaps the credential inconsistencies can be
further expained or fixed.
The real bug is that sobind() and soconnect() take threads as arguments, and
should either take just credentials or credentials and threads depending on
whether they really want a thread as well. I started fixing this a few years
ago but it requires touching a lot of stuff (like protosw) so is pretty
disruptive. Basically, because they accept a thread as an argument, you can't
use the cached mount-time credential to authorize these further socket
operations. You don't want to used the cached socket()-time credential,
another obvious choice, as you want to be able to have the root user
bind()/connect() a socket and then hand it off to unprivileged processes to
use without being able to rebind/connect with privilege.
Possibly the above change should be modified to use curthread for UDP and
thread0 for TCP, as TCP can be reconnected but may not have the bind problem
John is running into, whereas UDP won't be reconnected?
Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
