shirsch at ibm
Mar 17, 1998, 8:31 PM
Post #1 of 2
(21 views)
Permalink
|
All,
My first kernel bug swatted <g>.
Although unx_marshal() is kind enough to test whether it's read past the
last valid gid for the current RPC request, unx_create_cred() fails to
perform this check when building cred->uc_gids[] in the first place! This
guarantees that the server will be passed NGROUPS gids in every credential
(defined as 16 since forever).
Most modern NFS servers have no problem with this, but my trusty old IBM
PC-RT runs an old variant of 4.3BSD with a compiled-in limit of 8 group
ids per credential. Although no user on the client belongs to more than 8
groups, the mount always failed on nfs_get_super() with AUTH_BADCRED
(generally manifested as the dreaded "Bad superblock, too many file
systems mounted, blah, blah" catchall complaint).
This logic was present in 2.0.x, which is why I never saw this with older
kernels. Must have slipped through the cracks somewhere <g.>
Enjoy!
Steve
--- linux-2.1.90/net/sunrpc/auth_unix.c Wed Oct 30 03:39:45 1996
+++ linux/net/sunrpc/auth_unix.c Tue Mar 17 22:10:52 1998
@@ -88,8 +88,11 @@
cred->uc_gid = current->gid;
cred->uc_fsuid = current->fsuid;
cred->uc_fsgid = current->fsgid;
- for (i = 0; i < 16 && i < NGROUPS; i++)
+ for (i = 0; i < 16 && i < NGROUPS &&
+ current->groups[i] != (gid_t) NOGROUP; i++)
cred->uc_gids[i] = (gid_t) current->groups[i];
+ if (i < NGROUPS)
+ cred->uc_gids[1] = (gid_t) NOGROUP;
}
return (struct rpc_cred *) cred;
@@ -141,7 +144,8 @@
|| cred->uc_fsgid != current->fsgid)
return 0;
- for (i = 0; i < 16 && i < NGROUPS; i++)
+ for (i = 0; i < 16 && i < NGROUPS &&
+ current->groups[i] != (gid_t) NOGROUP; i++)
if (cred->uc_gids[i] != (gid_t) current->groups[i])
return 0;
return 1;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
|
