From 6183e9944c33ced07e06750795a67f14cc3c7302 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Adam=20Go=C5=82=C4=99biowski?=
Date: Tue, 14 Dec 2004 07:24:50 +0000
Subject: [PATCH] - new (CAN-2004-1014) Changed files: nfs-utils-usn36.patch -> 1.1
---
nfs-utils-usn36.patch | 531 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 531 insertions(+)
create mode 100644 nfs-utils-usn36.patch
diff --git a/nfs-utils-usn36.patch b/nfs-utils-usn36.patch
new file mode 100644
index 0000000..3f6a458
--- /dev/null
+++ b/nfs-utils-usn36.patch
@@ -0,0 +1,531 @@
+--- nfs-utils-1.0.6.orig/utils/exportfs/exports.man
++++ nfs-utils-1.0.6/utils/exportfs/exports.man
+@@ -256,6 +256,28 @@
+ then the nominted path must be a mountpoint for the exportpoint to be
+ exported.
+
++.TP
++.IR fsid= num
++This option forces the filesystem identification portion of the file
++handle and file attributes used on the wire to be
++.I num
++instead of a number derived from the major and minor number of the
++block device on which the filesystem is mounted. Any 32 bit number
++can be used, but it must be unique amongst all the exported filesystems.
++
++This can be useful for NFS failover, to ensure that both servers of
++the failover pair use the same NFS file handles for the shared filesystem
++thus avoiding stale file handles after failover.
++
++Some Linux filesystems are not mounted on a block device; exporting
++these via NFS requires the use of the
++.I fsid
++option (although that may still not be enough).
++
++The value 0 has a special meaning when use with NFSv4. NFSv4 has a
++concept of a root of the overall exported filesystem. The export point
++exported with fsid=0 will be used as this root.
++
+ .SS User ID Mapping
+ .PP
+ .I nfsd
+--- nfs-utils-1.0.6.orig/utils/statd/statd.c
++++ nfs-utils-1.0.6/utils/statd/statd.c
+@@ -179,8 +179,10 @@
+ struct stat st;
+
+ if (stat(SM_DIR, &st) == -1 &&
+- stat(DIR_BASE, &st) == -1)
++ stat(DIR_BASE, &st) == -1) {
+ st.st_uid = 0;
++ st.st_gid = 0;
++ }
+
+ if (st.st_uid == 0) {
+ note(N_WARNING, "statd running as root. chown %s to choose different user\n",
+@@ -399,6 +401,11 @@
+ signal (SIGTERM, killer);
+ /* WARNING: the following works on Linux and SysV, but not BSD! */
+ signal(SIGCHLD, SIG_IGN);
++ /*
++ * Ignore SIGPIPE to avoid statd dying when peers close their
++ * TCP connection while we're trying to reply to them.
++ */
++ signal(SIGPIPE, SIG_IGN);
+
+ /* initialize out_port */
+ statd_get_socket(out_port);
+--- nfs-utils-1.0.6.orig/utils/rquotad/rquota_server.c
++++ nfs-utils-1.0.6/utils/rquotad/rquota_server.c
+@@ -76,6 +76,7 @@
+ char *pathname, *qfpathname;
+ int fd, err, id, type;
+ struct stat stm, stn;
++ struct rquota *rquota;
+
+ /*
+ * First check authentication.
+@@ -168,8 +169,16 @@
+ * Make a copy of the info into the last part of the remote quota
+ * struct which is exactly the same.
+ */
+- memcpy((caddr_t *)&result.getquota_rslt_u.gqr_rquota.rq_bhardlimit,
+- (caddr_t *)&dq_dqb, sizeof(struct dqblk));
++
++ rquota = &result.getquota_rslt_u.gqr_rquota;
++ rquota->rq_bhardlimit = dq_dqb.dqb_bhardlimit;
++ rquota->rq_bsoftlimit = dq_dqb.dqb_bsoftlimit;;
++ rquota->rq_curblocks = dq_dqb.dqb_curblocks;
++ rquota->rq_fhardlimit = dq_dqb.dqb_ihardlimit;
++ rquota->rq_fsoftlimit = dq_dqb.dqb_isoftlimit;
++ rquota->rq_curfiles = dq_dqb.dqb_curinodes;
++ rquota->rq_btimeleft = dq_dqb.dqb_btime;
++ rquota->rq_ftimeleft = dq_dqb.dqb_itime;
+
+ return(&result);
+ }
+--- nfs-utils-1.0.6.orig/utils/mountd/cache.c
++++ nfs-utils-1.0.6/utils/mountd/cache.c
+@@ -67,6 +67,8 @@
+ if (inet_aton(ipaddr, &addr)==0)
+ return;
+
++ auth_reload();
++
+ /* addr is a valid, interesting address, find the domain name...
*/
+ client = client_compose(addr);
+
+@@ -138,6 +140,8 @@
+ break;
+ }
+
++ auth_reload();
++
+ /* Now determine export point for this fsid/domain */
+ for (i=0 ; i < MCL_MAXTYPES; i++) {
+ for (exp = exportlist[i]; exp; exp = exp->m_next) {
+@@ -236,6 +240,8 @@
+ if (qword_get(&cp, path, strlen(lbuf)) <= 0)
+ goto out;
+
++ auth_reload();
++
+ /* now find flags for this export point in this domain */
+ for (i=0 ; i < MCL_MAXTYPES; i++) {
+ for (exp = exportlist[i]; exp; exp = exp->m_next) {
+--- nfs-utils-1.0.6.orig/debian/etc.exports
++++ nfs-utils-1.0.6/debian/etc.exports
+@@ -0,0 +1,2 @@
++# /etc/exports: the access control list for filesystems which may be exported
++# to NFS clients. See exports(5).
+--- nfs-utils-1.0.6.orig/debian/control
++++ nfs-utils-1.0.6/debian/control
+@@ -8,7 +8,7 @@
+ Package: nfs-kernel-server
+ Priority: optional
+ Architecture: any
+-Depends: nfs-common (>= 1:0.3.3-3), debconf (>= 1.0), sysvinit (>= 2.80-1), ${shlibs:Depends}
++Depends: nfs-common (>= 1:0.3.3-3), debconf (>= 1.0), sysvinit (>= 2.80-1), ${shlibs:Depends}, lsb-base (>= 1.3-9ubuntu3)
+ Provides: knfs, nfs-server
+ Conflicts: knfs, nfs-server
+ Replaces: knfs, nfs-server
+@@ -22,7 +22,7 @@
+
+ Package: nfs-common
+ Architecture: any
+-Depends: portmap, debconf (>= 1.0), sysvinit (>= 2.80-1), ${shlibs:Depends}
++Depends: portmap, debconf (>= 1.0), sysvinit (>= 2.80-1), ${shlibs:Depends}, lsb-base (>= 1.3-9ubuntu3)
+ Provides: nfs-client
+ Conflicts: nfs-client
+ Replaces: nfs-client
+--- nfs-utils-1.0.6.orig/debian/rules
++++ nfs-utils-1.0.6/debian/rules
+@@ -13,6 +13,13 @@
+
+ build: build-stamp
+ build-stamp:
++ # Debian source diffs don't reflect removals.
++ # This kludge will suffice until the next upstream version. *sigh*
++ rm -f debian/nfs-common.config \
++ debian/nfs-common.templates \
++ debian/nfs-kernel-server.config \
++ debian/nfs-kernel-server.templates
++
+ dh_testdir
+ # Add here commands to compile the package.
+ $(SETGCC) ./configure \
+@@ -51,7 +58,8 @@
+ done; \
+ rm -f tmp/usr/sbin/*quota*; \
+ rm -f tmp/usr/share/man/man8/*quota*; \
+- rm -rf tmp/var/lib/nfs/*
++ rm -rf tmp/var/lib/nfs/*; \
++ cp --preserve=timestamps etc.exports tmp/etc/exports
+ # Fixups End Here #
+ dh_installdocs -A README
+ dh_installexamples
+--- nfs-utils-1.0.6.orig/debian/nfs-kernel-server.conffiles
++++ nfs-utils-1.0.6/debian/nfs-kernel-server.conffiles
+@@ -1,2 +1,3 @@
++/etc/exports
+ /etc/default/nfs-kernel-server
+ /etc/init.d/nfs-kernel-server
+--- nfs-utils-1.0.6.orig/debian/changelog
++++ nfs-utils-1.0.6/debian/changelog
+@@ -1,3 +1,54 @@
++nfs-utils (1:1.0.6-3ubuntu1.1) warty-security; urgency=low
++
++ * SECURITY UPDATE: fix remote Denial of Service, fix buffer overflow on 64
++ bit architectures
++ * utils/statd/statd.c (patch from SGI):
++ - main(): ignore SIGPIPE to continue to run even if a peer prematurely
++ closes his TCP connection
++ - drop_privs(): fix uninitialized st.st_gid value when running as root
++ (not exploitable, but using random group ids might be confusing)
++ - CAN-2004-1014
++ * utils/rquotad/rquota_server.c (Arjan van de Ven):
++ - getquotainfo(): do not use memcpy() to copy
++ values from struct dqblk to struct rquota; on 64 bit architectures time_t
++ is 64 bits wide, but the target fields are only 32 bit, thus causing a
++ buffer overflow
++ - CAN-2004-0946
++ - NOTE: rpc.quotad is not shipped in the debs by default (this is
++ contained in the package "quota" which is not affected by this)
++
++ -- Martin Pitt Wed, 1 Dec 2004 14:34:34 +0100
++
++nfs-utils (1:1.0.6-3ubuntu1) warty; urgency=low
++
++ * debian/nfs-common.init,nfs-kernel-server.init: prettified initscripts
++ * debian/control: versioned depend on lsb-base
++
++ -- Nathaniel McCallum Fri, 10 Sep 2004 13:10:39 -0400
++
++nfs-utils (1:1.0.6-3) unstable; urgency=medium
++
++ * Remove obsolete debconf-related files in debian/rules, because source
++ diffs don't implement removals.
(closes: #239331)
++
++ -- Chip Salzenberg Wed, 24 Mar 2004 18:09:21 -0500
++
++nfs-utils (1:1.0.6-2) unstable; urgency=medium
++
++ * Upstream CVS sync.
++ * Urgency "medium" to get debconf fix into testing.
++ * Remove debconf warning notes in favor of nfs-kernel-server.NEWS.
++ (closes: #228365)
++ * Make /etc/exports a conffile. (closes: #224557)
++ * Clean up /var/lib/nfs in postrm.
++ * Test kernel version in init script; all kernels from 2.4 forward
++ have a lockd thread, and don't need rpc.lockd. Probe older kernels
++ by checking for lockd-related symbols. When in doubt, go ahead and
++ run rpc.lockd; if it's not needed, it exits. (closes: #205867)
++ * Don't bother removing nfs-server's init links; it's long dead.
++
++ -- Chip Salzenberg Thu, 18 Mar 2004 17:06:00 -0500
++
+ nfs-utils (1:1.0.6-1) unstable; urgency=low
+
+ * New upstream version:
+--- nfs-utils-1.0.6.orig/debian/nfs-common.postinst
++++ nfs-utils-1.0.6/debian/nfs-common.postinst
+@@ -12,6 +12,13 @@
+ update-rc.d -f nfs-common remove >/dev/null 2>&1 || true
+ fi
+ update-rc.d nfs-common defaults 21 79 >/dev/null
++
++ # Remove obsolete debconf questions
++ if [ -e /usr/share/debconf/confmodule ]; then
++ .
/usr/share/debconf/confmodule
++ db_unregister nfs-common/tcpwrappers-statd || true
++ db_stop
++ fi
+ ;;
+ esac
+
+--- nfs-utils-1.0.6.orig/debian/nfs-common.postrm
++++ nfs-utils-1.0.6/debian/nfs-common.postrm
+@@ -5,5 +5,9 @@
+ case "$1" in
+ purge)
+ update-rc.d nfs-common remove >/dev/null
++
++ rm -f /var/lib/nfs/state \
++ /var/lib/nfs/sm/* \
++ /var/lib/nfs/sm.bak/*
+ ;;
+ esac
+--- nfs-utils-1.0.6.orig/debian/nfs-kernel-server.postrm
++++ nfs-utils-1.0.6/debian/nfs-kernel-server.postrm
+@@ -5,6 +5,10 @@
+ case "$1" in
+ purge)
+ update-rc.d nfs-kernel-server remove >/dev/null
++
++ rm -f /var/lib/nfs/etab \
++ /var/lib/nfs/rmtab \
++ /var/lib/nfs/xtab
+ ;;
+ esac
+
+--- nfs-utils-1.0.6.orig/debian/nfs-common.init
++++ nfs-utils-1.0.6/debian/nfs-common.init
+@@ -22,16 +22,27 @@
+ . $DEFAULTFILE
+ fi
+
+-# Determine whether lockd is required
++. /lib/lsb/init-functions
++
++# Determine whether lockd daemon is required.
+ case "$NEED_LOCKD" in
+ yes|no) ;;
+-*) # We must be conservative and run lockd,
+- # unless we can prove that it's not required.
+- NEED_LOCKD=yes
+- if test -f /proc/ksyms
+- then
+- grep -q lockdctl /proc/ksyms || NEED_LOCKD=no
+- fi
++*) case `uname -r` in
++ '' | [01].* | 2.[0123].* )
++ # Older kernels may or may not need a lockd daemon.
++ # We must assume they do, unless we can prove otherwise.
++ # (A false positive here results only in a harmless message.)
++ NEED_LOCKD=yes
++ if test -f /proc/ksyms
++ then
++ grep -q lockdctl /proc/ksyms || NEED_LOCKD=no
++ fi
++ ;;
++
++ *) # Modern kernels (>= 2.4) start a lockd thread automatically.
++ NEED_LOCKD=no
++ ;;
++ esac
+ ;;
+ esac
+
+@@ -43,31 +54,27 @@
+ case "$1" in
+ start)
+ cd / # daemons should have root dir as cwd
+- printf "Starting $DESC:"
+- printf " statd"
++ log_begin_msg "Starting $DESC..."
+ start-stop-daemon --start --quiet \
+- --exec $PREFIX/sbin/rpc.statd -- $STATDOPTS
++ --exec $PREFIX/sbin/rpc.statd -- $STATDOPTS || log_end_msg 1
+ if [ "$NEED_LOCKD" = yes ]
+ then
+- printf " lockd"
+ start-stop-daemon --start --quiet \
+ --exec $PREFIX/sbin/rpc.lockd || true
+ fi
+- echo "."
++ log_end_msg 0
+ ;;
+
+ stop)
+- printf "Stopping $DESC:"
++ log_begin_msg "Stopping $DESC..."
+ if [ "$NEED_LOCKD" = yes ]
+ then
+- printf " lockd"
+ start-stop-daemon --stop --oknodo --quiet \
+ --name rpc.lockd --user 0 || true
+ fi
+- printf " statd"
+ start-stop-daemon --stop --oknodo --quiet \
+- --name rpc.statd --user 0
+- echo "."
++ --name rpc.statd --user 0 || log_end_msg 1
++ log_end_msg 0
+ ;;
+
+ restart | force-reload)
+@@ -77,7 +84,7 @@
+ ;;
+
+ *)
+- echo "Usage: nfs-common {start|stop|restart}"
++ log_success_msg "Usage: nfs-common {start|stop|restart}"
+ exit 1
+ ;;
+ esac
+--- nfs-utils-1.0.6.orig/debian/nfs-kernel-server.NEWS
++++ nfs-utils-1.0.6/debian/nfs-kernel-server.NEWS
+@@ -0,0 +1,8 @@
++nfs-utils (1:1.0.1-1) unstable; urgency=low
++
++ * Exports default to "sync", that is, synchronous writes.
++ This is safer but MUCH SLOWER than the old default of "async".
++ All exports should be marked as either "sync" or "async" to
++ avoid a warning from exportfs.
++
++ -- Chip Salzenberg Mon, 26 Aug 2002 12:17:57 -0400
+--- nfs-utils-1.0.6.orig/debian/nfs-kernel-server.init
++++ nfs-utils-1.0.6/debian/nfs-kernel-server.init
+@@ -29,22 +29,21 @@
+ . $DEFAULTFILE
+ fi
+
++. /lib/lsb/init-functions
++
+ # See how we were called.
+ case "$1" in
+ start)
+ cd / # daemons should have root dir as cwd
+ if grep -q '^/' /etc/exports
+ then
+- printf "Exporting directories for $DESC..."
+- $PREFIX/sbin/exportfs -r
+- echo "done."
++ log_begin_msg "Exporting directories for $DESC..."
++ $PREFIX/sbin/exportfs -r || log_end_msg 1
++ log_end_msg 0
+
+- printf "Starting $DESC:"
+- printf " nfsd"
++ log_begin_msg "Starting $DESC:"
+ start-stop-daemon --start --quiet \
+- --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT
+-
+- printf " mountd"
++ --exec $PREFIX/sbin/rpc.nfsd -- $RPCNFSDCOUNT || log_end_msg 1
+
+ # make sure 127.0.0.1 is a valid source for requests
+ ClearAddr=
+@@ -62,31 +61,30 @@
+ [ -z "$ClearAddr" ] || echo "nfsd 127.0.0.1 1" >/proc/net/rpc/auth.unix.ip/channel
+
+ start-stop-daemon --start --quiet \
+- --exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS
+- echo "."
++ --exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS || log_end_msg 1
++ log_end_msg 0
+ else
+- echo "Not starting $DESC: No exports."
++ log_warning_msg "Not starting $DESC: No exports."
+ fi
+ ;;
+
+ stop)
+- printf "Stopping $DESC: mountd"
++ log_begin_msg "Stopping $DESC..."
+ start-stop-daemon --stop --oknodo --quiet \
+ --name rpc.mountd --user 0
+- printf " nfsd"
+ start-stop-daemon --stop --oknodo --quiet \
+ --name nfsd --user 0 --signal 2
+- echo "."
++ log_end_msg 0
+
+- printf "Unexporting directories for $DESC..."
+- $PREFIX/sbin/exportfs -au
+- echo "done."
++ log_begin_msg "Unexporting directories for $DESC..."
++ $PREFIX/sbin/exportfs -au || log_end_msg 1
++ log_end_msg 0
+ ;;
+
+ reload | force-reload)
+- printf "Re-exporting directories for $DESC..."
+- $PREFIX/sbin/exportfs -r
+- echo "done."
++ log_begin_msg "Re-exporting directories for $DESC..."
++ $PREFIX/sbin/exportfs -r || log_end_msg 1
++ log_begin_msg
+ ;;
+
+ restart)
+@@ -96,7 +94,7 @@
+ ;;
+
+ *)
+- echo "Usage: nfs-kernel-server {start|stop|reload|force-reload|restart}"
++ log_success_msg "Usage: nfs-kernel-server {start|stop|reload|force-reload|restart}"
+ exit 1
+ ;;
+ esac
+--- nfs-utils-1.0.6.orig/debian/nfs-kernel-server.postinst
++++ nfs-utils-1.0.6/debian/nfs-kernel-server.postinst
+@@ -2,36 +2,26 @@
+
+ #DEBHELPER#
+
+-.
/usr/share/debconf/confmodule
+-
+ case "$1" in
+ configure)
+- db_get nfs-kernel-server/tcpwrappers-mountd || true
++ for f in /var/lib/nfs/etab \
++ /var/lib/nfs/rmtab \
++ /var/lib/nfs/xtab; do
++ [ -e $f ] || touch $f
++ done
+
+- touch /var/lib/nfs/etab \
+- /var/lib/nfs/rmtab \
+- /var/lib/nfs/xtab
++ update-rc.d nfs-kernel-server defaults 20 80 >/dev/null
+
+- if test -s /etc/exports
+- then
+- : do nothing
+- else
+- cat </etc/exports
+-# /etc/exports: the access control list for filesystems which may be exported
+-# to NFS clients. See exports(5).
+-EOF
++ # Remove obsolete debconf questions
++ if [ -e /usr/share/debconf/confmodule ]; then
++ . /usr/share/debconf/confmodule
++ db_unregister nfs-kernel-server/sync-default || true
++ db_unregister nfs-kernel-server/tcpwrappers-mountd || true
++ db_stop
+ fi
+-
+- # The old nfs-server's init script can't tell that it's been
+- # removed, so we have to kill the symlinks to it.
+- update-rc.d -f nfs-server remove >/dev/null
+-
+- update-rc.d nfs-kernel-server defaults 20 80 >/dev/null
+ ;;
+ esac
+
+-db_stop
+-
+ act="restart"
+ [ "$1:$2" = "configure:" ] && act="start"
+ invoke-rc.d nfs-kernel-server $act
+--- nfs-utils-1.0.6.orig/ChangeLog
++++ nfs-utils-1.0.6/ChangeLog
+@@ -1,3 +1,18 @@
++2004-03-18 Chip Salzenberg
++
++ * debian/changelog: Version 1.0.6-2.
++
++2004-02-24 NeilBrown
++ from "J. Bruce Fields"
++
++ * utils/mountd/cache.c: call auth_reload to make sure auth data is
++ current before responding to kernel upcall.
++
++2004-02-24 NeilBrown
++ Based on patch from Greg Banks
++
++ * utils/exportfs/exports.man: Document fsid= option.
++
+ 2003-09-15 NeilBrown
+
+ Release 1.0.6
+@@ -8,7 +23,7 @@
+ utils/statd/Makefile: add "predep" rule so that "make dep" works.
+ * Makefile: allow a simple "make" to run ./configure and "make dep"
+ if needed.
+- * configure.in, nfs-utils.spec: Update version to 1.0.4
++ * configure.in, nfs-utils.spec: Update version to 1.0.6
+ * run autoconf
+
+ 2003-09-12 Chip Salzenberg
--
2.44.0
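Review bot: In debian/nfs-kernel-server.init the rewritten `reload | force-reload)` branch ends with a bare `log_begin_msg` where the other branches close their message with `log_end_msg 0`; this looks like a typo, and the line should read `log_end_msg 0` so a successful re-export is reported as finished. Both init scripts also pair `command || log_end_msg 1` with an unconditional `log_end_msg 0` a few lines later, so unless `log_end_msg 1` terminates the script (lsb-base is not shown here) a failed `exportfs` or `start-stop-daemon` call would print a failure and then a success, and the script would carry on. Wrapping the failing step as `if ! $PREFIX/sbin/exportfs -r; then log_end_msg 1; exit 1; fi` would make the failure path explicit.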