Control: tags 962254 +security -unreproducible
Control: severity 962254 grave

On Fri, Jun 05, 2020 at 08:36:31PM +0200, Salvatore Bonaccorso wrote:
> This now let some rings bell, the described scenario is very similar
> to what was reported in https://bugs.debian.org/934160
>
> Respectively
> https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779736 and
> https://bugzilla.redhat.com/show_bug.cgi?id=1667761 .

Upon more experimentation I continue to favor this being a kernel bug
(src:linux, bug #962254) and not a bug with nfs-common.

Setting vers=4.1 works around the issue, so this is *strictly* NFSv4.2.

I was able to reproduce this issue on a system with nfs-common 1:1.3.4-2.1
and a 4.19.118-2 kernel. Based upon what I've observed I believe this
requires a recent kernel on *both* NFS client and NFS server. An NFS client
with 4.9 connecting to an NFS server with 4.19 does NOT experience this
issue.

I suspect my earlier assessment of this appearing between 4.19.98-1 and
4.19.118-2 was erroneous. I think I was misled by the order of computers
being updated, and an NFS client with 4.19 connecting to an NFS server with
4.9 also does not experience this issue.

From https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1779736
this bug appeared somewhere between Linux kernels 4.9 and 4.15.

I concur with John Goerzen's assessment of this qualifying as grave due to
its security implications.

-- 
(\___(\___(\______          --=> 8-) EHM <=--          ______/)___/)___/)
 \BS (    |         ehem+sig...@m5p.com  PGP 87145445         |    )   /
  \_CS\   |  _____  -O #include <stddisclaimer.h> O-   _____  |   /  _/
8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445