>>>>> " " == Andries Brouwer <[EMAIL PROTECTED]> writes:
>> o util-linux 2.10o # kbdrate -v
<snip>
> If anything is wrong, bug reports and patches are welcome.
Hi Andries,
Nothing wrong/buggy to report, but could you please apply the
following patch in order to support the 'broken_suid' NFS mount
option. The latter enables a backward-compatibility feature.
To summarize the feature:
The old NFS had a feature whereby if a setuid process failed due to
EACCES or EPERM, the RPC engine would drop the privileged credentials,
and retry using the uid/gid (instead of fsuid/fsgid).
Of course, this sort of thing may be a security problem, so in 2.4.x
(and in 2.2.18pre) it has been disabled by default. Unfortunately some
broken programs rely on this silliness instead of bothering to
dropping privileges themselves (the setuid version of xterm trying to
read ~/.Xauthority being one of the more prominent offenders); hence
the decision to make a new mount option...
Cheers,
Trond
diff -u --recursive --new-file mount-2.9u.orig/nfs_mount4.h mount-2.9u/nfs_mount4.h
--- util-linux-2.10m.orig/mount/nfs_mount4.h Tue Sep 5 14:24:42 2000
+++ util-linux-2.10m/mount/nfs_mount4.h Tue Sep 5 14:27:55 2000
@@ -67,5 +67,6 @@
#define NFS_MOUNT_VER3 0x0080 /* 3 */
#define NFS_MOUNT_KERBEROS 0x0100 /* 3 */
#define NFS_MOUNT_NONLM 0x0200 /* 3 */
+#define NFS_MOUNT_BROKEN_SUID 0x0400 /* 4 */
#endif
diff -u --recursive --new-file mount-2.9u.orig/nfsmount.c mount-2.9u/nfsmount.c
--- util-linux-2.10m.orig/mount/nfsmount.c Tue Sep 5 14:24:42 2000
+++ util-linux-2.10m/mount/nfsmount.c Tue Sep 5 14:36:13 2000
@@ -217,6 +217,7 @@
int nocto;
int noac;
int nolock;
+ int broken_suid;
int retry;
int tcp;
int mountprog;
@@ -313,6 +314,7 @@
posix = 0;
nocto = 0;
nolock = 0;
+ broken_suid = 0;
noac = 0;
retry = 10000; /* 10000 minutes ~ 1 week */
tcp = 0;
@@ -423,6 +425,8 @@
nolock = !val;
else
printf(_("Warning: option nolock is not
supported.\n"));
+ } else if (!strcmp(opt, "broken_suid")) {
+ broken_suid = val;
} else {
if (!sloppy) {
printf(_("unknown nfs mount option: "
@@ -446,6 +450,10 @@
#if NFS_MOUNT_VERSION >= 3
if (nfs_mount_version >= 3)
data.flags |= (nolock ? NFS_MOUNT_NONLM : 0);
+#endif
+#if NFS_MOUNT_VERSION >= 4
+ if (nfs_mount_version >= 4)
+ data.flags |= (broken_suid ? NFS_MOUNT_BROKEN_SUID : 0);
#endif
if (nfsvers > MAX_NFSPROT) {
fprintf(stderr, "NFSv%d not supported!\n", nfsvers);
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.tux.org/lkml/
