Re: [Kernel-packages] [Bug 1626749] Re: autofs set $USER to "root" instead of current user

2016-10-06 Thread Gerald Lovel
The upgrade from 4.4.0-36 to 4.4.0-38 is what broke autofs and sshfs. I
posted this bug because it was not listed as a security issue. Since this
bug forces a switch from certificates to password authentication, it should
be considered as a security problem and the severity should be escalated.
Apparently Ubuntu staff do not agree.

Gerald

Gerald Lovel   |  901.276.1004
glo...@aaltsys.com |  AAltSys.com
AAltSys Technology Center
<http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=aaltsys&aq=&sll=37.0625,-95.677068&sspn=52.947994,100.898438&ie=UTF8&hq=aaltsys&hnear=&z=13&iwloc=A&cid=7533665924136652323>

On Wed, Oct 5, 2016 at 7:24 PM, Fabio wrote:

> I had the same problem after doing a "do-release-upgrade" from 14.04 to
> 16.04 on October 5, 2016.
> The kernel installed by default was 4.4.0-38.
>
> After reading this thread I installed 4.4.0-40.60.
> With both 4.4.0-38 and 4.4.0-40.60 I have the problem of $USER being
> mapped to root instead of to the current user.
>
> I then installed kernel 4.4.0-36 (which I'm using on other VMs that were
> upgraded a few weeks back) and everything worked just fine.
>
> --
> You received this bug notification because you are subscribed to a
> duplicate bug report (1628586).
> https://bugs.launchpad.net/bugs/1626749
>
> Title:
>   autofs set $USER to "root" instead of current user
>
> Status in linux package in Ubuntu:
>   Incomplete
>
> Bug description:
>   Since last kernel upgrade from 4.4.0-36 to 4.4.0-38 automount failed to
> mount remote smb FS.
>   The configuration file uses $USER, $UID and $GID variables:
>   i.e.:
>   music -fstype=cifs,credentials=/home/$USER/.creds-file,user=$USER,uid=$UID,gid=$GID ://192.168.1.9/music
>
>   When a user account tries to mount the FS, automount complains:
>
>>> error 2 (No such file or directory) opening credential file
>   /home/root/.creds-file
>
>   $USER, $UID and $GID are now set with root variables instead of user
>   account variables
>
>   ProblemType: Bug
>   DistroRelease: Ubuntu 16.04
>   Package: autofs 5.1.1-1ubuntu3
>   ProcVersionSignature: Ubuntu 4.4.0-38.57-generic 4.4.19
>   Uname: Linux 4.4.0-38-generic x86_64
>   ApportVersion: 2.20.1-0ubuntu2.1
>   Architecture: amd64
>   Date: Thu Sep 22 23:17:27 2016
>   ExecutablePath: /usr/sbin/automount
>   InstallationDate: Installed on 2016-02-07 (228 days ago)
>   InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Release amd64
> (20151021)
>   ProcEnviron:
>     PATH=(custom, no user)
>     LANG=fr_FR.UTF-8
>   SourcePackage: autofs
>   UpgradeStatus: Upgraded to xenial on 2016-04-28 (147 days ago)

Re: [Kernel-packages] [Bug 1628586] Re: using version 4.4.0-38-generic, x86_64 on MacMini

2016-10-14 Thread Gerald Lovel
*** This bug is a duplicate of bug 1626749 ***
https://bugs.launchpad.net/bugs/1626749

This is my experience as well. I believe this was part of the original bug,
but the important issue is that because $USER does not work, automated file
system attaches using user credentials do not work. (Or to make them work,
we would have to have an autofs.conf file with special-case logic for every
possible user, contrary to the point of the utility.)

Or, we could drop the user certificate logins and use root login with share
passwords, defeating the security of the shares. Therefore the bug is a
security issue, and the priority should be upped accordingly.

Gerald


On Fri, Oct 14, 2016 at 11:49 AM, kalyp <1628...@bugs.launchpad.net>
wrote:

> *** This bug is a duplicate of bug 1626749 ***
> https://bugs.launchpad.net/bugs/1626749
>
> I don't think this is a duplicate bug, or rather, I am not affected by
> this one and am by #1626749. On my side, replacing $USER by my username
> works. I have 2 identical lines in autofs, one with
> credentials=/home/$USER/.credentials (fails as it looks for
> /home/root/.credentials), one with
> credentials=/home/myusername/.credentials (works just fine for me).
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1628586
>
> Title:
>   using version 4.4.0-38-generic, x86_64 on MacMini
>
> Status in linux package in Ubuntu:
>   New
>
> Bug description:
>   Confirmation of bug #1626749 regarding $USER token substitution
>   problem in autofs. Even when the $USER token was replaced with a valid
>   username for the share, autofs was unable to mount shares using
>   certificates, nor could sshfs. These programs reverted to password
>   authentication instead. The reason for mounting with certificates
>   instead of passwords is security, of course.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/
> 1628586/+subscriptions
>



Re: [Kernel-packages] [Bug 1629204] Re: Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40

2016-11-14 Thread Gerald Lovel
Agreed.

Gerald


On Mon, Nov 14, 2016 at 5:09 AM, Chris van Run <1629...@bugs.launchpad.net>
wrote:

> I can confirm that using 4.4.0-47.68 version has resolved the autofs
> problem.
>
> Cheers, Chris
>
> --
> You received this bug notification because you are subscribed to a
> duplicate bug report (1628586).
> https://bugs.launchpad.net/bugs/1629204
>
> Title:
>   Autofs parameter substitution broken in kernel 4.4.0-38 and 4.4.0-40
>
> Status in linux package in Ubuntu:
>   Fix Released
> Status in linux source package in Xenial:
>   Fix Released
> Status in linux source package in Yakkety:
>   Fix Released
>
> Bug description:
>   SRU Justification
>
>   Impact: ca6fe3344554 "fs: Call d_automount with the filesystems creds"
>   causes a regression in the requester uid and gid passed to userspace
>   during automount, as the current credentials during automount are
>   those of root and not the user who requested the mount.
>
>   Fix: Use current->real_cred instead of current->cred for getting the
>   requester's uid and gid.
>
>   Regression Potential: Minimal. current->cred and current->real_cred
>   are the same except when credentials are overridden, thus
>   current->real_cred contains the same credentials that autofs had been
>   using prior to the change which overrides the credentials during
>   automount.
>
>   ---
>
>   Hello,
>
>   I have run into a bug relating to autofs's parameter substitution (e.g.
>   UID, GID, etc) with kernel versions 4.4.0-38 and proposed 4.4.0-40.
>   Kernel version 4.4.0-28 does things correctly but testing intermediate
>   kernel versions is hard due to earlier bugs related with fs's.
>   Incorrect parameter substitution makes CIFS mounting with variable
>   credentials impossible.
>
>   What was expected:
>   $UID in autofs map are substituted by the uid of the user that starts
> the auto-mounting process.
>
>   What actually happens:
>   Root's uid (0) is substituted instead.
>
>   This ill parameter substitution is likely caused by recent fixes
>   resolving permissions problems for nfs/cifs mounts and dfs referrals
>   (#1626112 and #1612135). And possibly the fix 'fs: Call d_automount
>   with the filesystems creds' but that is a wild guess.
>
>   Furthermore, playing with the force_standard_program_map_env settings
>   in autofs.conf and prefixing variables with 'AUTOFS_' does not solve
>   anything.
>
>   Yours kindly,
>
>   Chris
>
>    Additional info 
>
> lsb_release -rd
>   Description:Ubuntu 16.04.1 LTS
>   Release:16.04
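The SRU justification quoted above says `current->cred` and `current->real_cred` differ only while credentials are overridden. The following is an added user-space model of that behaviour, not code from the thread or from the kernel; the `model_*` types and functions, the uid 1000 user and the helper names are assumptions made for illustration.

```c
#include <stdio.h>

/* User-space model only: these types mimic the shape of a task's
 * credentials; they are hypothetical and not kernel code. */
struct model_cred { unsigned uid, gid; };

struct model_task {
    const struct model_cred *real_cred; /* who the task really is */
    const struct model_cred *cred;      /* what it currently acts as */
};

/* Swap in temporary credentials and return the previous ones. */
static const struct model_cred *model_override(struct model_task *t,
                                               const struct model_cred *tmp)
{
    const struct model_cred *old = t->cred;
    t->cred = tmp;
    return old;
}

static void model_revert(struct model_task *t, const struct model_cred *old)
{
    t->cred = old;
}

/* Requester uid read from cred: the regression described in the report. */
unsigned requester_uid_from_cred(const struct model_task *t) { return t->cred->uid; }

/* Requester uid read from real_cred: the fix described in the report. */
unsigned requester_uid_from_real_cred(const struct model_task *t) { return t->real_cred->uid; }

/* Model an automount requested by `user` while the filesystem's creds are
 * overridden in; returns the uid that would be reported to userspace. */
unsigned automount_reported_uid(const struct model_cred *user,
                                const struct model_cred *fs_creds,
                                int use_real_cred)
{
    struct model_task task = { user, user };
    const struct model_cred *old = model_override(&task, fs_creds);
    unsigned uid = use_real_cred ? requester_uid_from_real_cred(&task)
                                 : requester_uid_from_cred(&task);
    model_revert(&task, old);
    return uid;
}

int main(void)
{
    const struct model_cred user = { 1000, 1000 }; /* constructed sample user */
    const struct model_cred root = { 0, 0 };       /* creds the mount was made with */
    printf("from cred:      uid=%u\n", automount_reported_uid(&user, &root, 0));
    printf("from real_cred: uid=%u\n", automount_reported_uid(&user, &root, 1));
    return 0;
}
```

With the override active, the `cred` read reports root's uid, which is why `$USER` expanded to `root` and the credentials path became `/home/root/...`; the `real_cred` read still reports the requesting user.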