NFS - MNT_NOEXEC [WAS Re: MNT_NOEXEC on root filesystem with diskless PXE boot?]

2005-08-24 Thread Sten Spans

On Thu, 31 Mar 2005, Colin Percival wrote:

> Tom Alsberg wrote:
>> Perhaps this should go to -STABLE, I just couldn't be sure.
>
> It will get more attention on freebsd-stable@, so I'm CCing that list.
>
>> We are trying out FreeBSD 5.4-PRERELEASE on diskless clients.  I
>> noticed one problem, being that when setting the LD_LIBRARY_PATH
>> (or for that matter, LD_PRELOAD, and LD_LIBMAP_DISABLE) environment
>> variables, nothing will run, as /libexec/ld-elf.so.1 complains:
>>
>> Cannot execute objects on /
>>
>> According to the sources, this was added in 5.4, and will happen
>> if / is mounted noexec.
>
> Yes, that's quite correct -- although I can't imagine how a bug which
> caused / to be labelled as noexec managed to avoid causing major
> problems until now.
>
> I don't know anything about NFS, but hopefully someone on -stable
> will be able to work out what's going on from the rest of your
> email (quoted below).
>
> Colin Percival


>> In this case, / is mounted by the BTX PXE loader over NFS (from a
>> FreeBSD 5.3 server, right now).  mount does not show the noexec
>> flag.  However, with the attached little C program I verified that
>> statfs really returns this flag (0x0006).
>>
>> Now, I see that on FreeBSD 5.3 diskless clients this flag is also
>> returned on / - just it happened that nobody looked at it until
>> the change in rtld.c of FreeBSD 5.4:
>>
>> if (fs.f_flags & MNT_NOEXEC) {
>>     _rtld_error("Cannot execute objects on %s\n", fs.f_mntonname);
>>     close(fd);
>>     return NULL;
>> }
>>
>> I didn't yet understand (didn't check much) - why does statfs report
>> the MNT_NOEXEC flag on the / filesystem (and only the / filesystem,
>> when it's mounted from NFS by the bootloader - not any other
>> NFS filesystems)?  BTW, this happens also with NetApp as the NFS
>> server - just to rule out any possibility of relation here.
>>
>>   Ideas appreciated,
>>   -- Tom
>>
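>> #include <stdio.h>
>> #include <fcntl.h>
>> #include <sys/param.h>
>> #include <sys/mount.h>
>>
>> int main(int argc, char *argv[])
>> {
>>     if (argc != 2) {
>>         fprintf(stderr, "invalid number of arguments\n");
>>         return -1;
>>     }
>>
>>     struct statfs stbuf;
>>
>>     /* statfs() fills in the mount information for the given path */
>>     if (statfs(argv[1], &stbuf) != 0) {
>>         perror("statfs");
>>         return -1;
>>     }
>>
>>     /* print the raw mount flags, then test the noexec bit */
>>     printf("FLAGS: 0x%08X\n", (unsigned int)stbuf.f_flags);
>>     if (stbuf.f_flags & MNT_NOEXEC)
>>         printf("MNT_NOEXEC\n");
>>
>>     return 0;
>> }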


I've managed to reproduce this with a simple:

www1# gcc -o noexec noexec.c
www1# umount /buildroot/
www1# mount nfs3:/export/vol1/build/BUILDROOT-WWW /buildroot
www1# ./noexec /buildroot/
exec
www1# umount /buildroot/
www1# mount -o -r=32768 nfs3:/export/vol1/build/BUILDROOT-WWW /buildroot
www1# ./noexec /buildroot/
noexec
www1#

Pretty funky shit this :).

PR: 85268
http://www.freebsd.org/cgi/query-pr.cgi?pr=85268

Anybody care to take a deeper look?

--
Sten Spans

There is a crack in everything, that's how the light gets in.
Leonard Cohen - Anthem
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: MNT_NOEXEC on root filesystem with diskless PXE boot?

2005-03-31 Thread Colin Percival
Tom Alsberg wrote:
> Perhaps this should go to -STABLE, I just couldn't be sure.

It will get more attention on freebsd-stable@, so I'm CCing that list.

> We are trying out FreeBSD 5.4-PRERELEASE on diskless clients.  I
> noticed one problem, being that when setting the LD_LIBRARY_PATH
> (or for that matter, LD_PRELOAD, and LD_LIBMAP_DISABLE) environment
> variables, nothing will run, as /libexec/ld-elf.so.1 complains:
>
> Cannot execute objects on /
>
> According to the sources, this was added in 5.4, and will happen
> if / is mounted noexec.

Yes, that's quite correct -- although I can't imagine how a bug which
caused / to be labelled as noexec managed to avoid causing major
problems until now.

I don't know anything about NFS, but hopefully someone on -stable
will be able to work out what's going on from the rest of your
email (quoted below).

Colin Percival

> In this case, / is mounted by the BTX PXE loader over NFS (from a
> FreeBSD 5.3 server, right now).  mount does not show the noexec
> flag.  However, with the attached little C program I verified that
> statfs really returns this flag (0x0006).
>
> Now, I see that on FreeBSD 5.3 diskless clients this flag is also
> returned on / - just it happened that nobody looked at it until
> the change in rtld.c of FreeBSD 5.4:
>
> if (fs.f_flags & MNT_NOEXEC) {
>     _rtld_error("Cannot execute objects on %s\n", fs.f_mntonname);
>     close(fd);
>     return NULL;
> }
>
> I didn't yet understand (didn't check much) - why does statfs report
> the MNT_NOEXEC flag on the / filesystem (and only the / filesystem,
> when it's mounted from NFS by the bootloader - not any other
> NFS filesystems)?  BTW, this happens also with NetApp as the NFS
> server - just to rule out any possibility of relation here.
>
>   Ideas appreciated,
>   -- Tom
>
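> #include <stdio.h>
> #include <fcntl.h>
> #include <sys/param.h>
> #include <sys/mount.h>
>
> int main(int argc, char *argv[])
> {
>     if (argc != 2) {
>         fprintf(stderr, "invalid number of arguments\n");
>         return -1;
>     }
>
>     struct statfs stbuf;
>
>     /* statfs() fills in the mount information for the given path */
>     if (statfs(argv[1], &stbuf) != 0) {
>         perror("statfs");
>         return -1;
>     }
>
>     /* print the raw mount flags, then test the noexec bit */
>     printf("FLAGS: 0x%08X\n", (unsigned int)stbuf.f_flags);
>     if (stbuf.f_flags & MNT_NOEXEC)
>         printf("MNT_NOEXEC\n");
>
>     return 0;
> }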