bug-inetutils
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

rshd/rexecd chdir as root issues under NFS

From: Alex Muntada
Subject: rshd/rexecd chdir as root issues under NFS
Date: Thu, 5 Sep 2002 10:31:57 +0200
User-agent: Mutt/1.4i 
VERSION

  inetutils-1.4.1

SYNOPSIS

  Some time ago I got some trouble running rshd in NFS mounted
  home directories. I'm using Red Hat Linux and rshd is provided
  by a package named netkit-rsh or rsh. Since I was unable to
  find a way to report that issue to the original authors, I
  reported it to RedHat[1]. But today I got a mail from GNU
  announcing the new inetutils-1.4.1 version and just checked
  it out.

DESCRIPTION

  rshd and rexecd fail to change to user's home directory if it
  is mounted by NFS because it performs chdir(2) syscall before
  setuid(2) and user running rshd (i.e. root) becomes nobody in
  NFS mounts (this is a common scenario).

  This issue can be reproduced by following these steps:

    1. "mount /home" by NFS from some other host.
    2. "chmod o= /home/username" disabling access to user nobody
       (username should still have access to its own home).
    3. "rsh -l username hostname" from a remote host.
    4. "pwd" to get the current working directory (beware! must
       check that no "chdir" is performed during shell setup).
       
  The expected results should be "/home/username" but pwd command
  actually shows "/".

WORKAROUNDS

  There are two work-arounds to solve this issue but they have
  some security drawbacks: first is "chmod o+x /home/username",
  which enables user nobody to perform chdir(2) syscall before
  changing UID through setuid(2), but users may not want
  everybody to be able to access its home directory. Second is
  to enable the "no_root_squash" option or equivalent in the
  exportfs file.

  The best approach would be to modify rshd.c to perform UID
  changes before chdir(2), which should be performed while
  running as the user (not root nor nobody).

PATCHES

  See the attached files rshd.c.diff and rexecd.c.diff.

REFERENCES

  [1] https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=57392

THANKS

  Feel free to ask me for further info and/or help.
  Thanks in advance.

--
Alex Muntada <address@hidden>
http://people.ac.upc.es/alexm/

Attachment: rshd.c.diff
Description: rshd.c.diff

Attachment: rexecd.c.diff
Description: rexecd.c.diff

reply via email to
[Prev in Thread] Current Thread [Next in Thread]