Subject: bin/2211: mount_nfs gives no indication of failure against secure servers
To: None <gnats-bugs@NetBSD.ORG>
From: Greg A. Woods <woods@mail.weird.com>
List: netbsd-bugs
Date: 03/13/1996 09:02:37
>Number: 2211
>Category: bin
>Synopsis: mount_nfs does not fail properly for some types of denied mounts
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed Mar 13 09:20:02 1996
>Last-Modified:
>Originator: Greg A. Woods
>Organization:
Planix, Inc.; Toronto, Ontario; Canada
>Release: NetBSD-1.1
>Environment:
System: NetBSD sometimes 1.1 NetBSD 1.1 (GENERIC) #24: Thu Dec 14 13:52:07 EST 1995 gwr@venus:/home/gwr/work/src/sys/arch/sun3/compile/GENERIC sun3
System: NetBSD mailgate 1.1 NetBSD 1.1 (MAILGATE) #0: Tue Feb 20 12:51:20 EST 1996 root@:/usr/src/sys/arch/i386/compile/MAILGATE i386
>Description:
NFS mounts that are denied because the '-P' option was not used
do not fail properly. In fact the mount seems to continue to
succeed after permission has been denied, resulting in an
invisible, inaccessible, mount point that must be unmounted
before it can be re-mounted with the correct option.
The mount will warn of problems with the message:
    mount: statfs /mnt: Permission denied
BUT it will only warn if the '-v' flag is given (i.e. normally
mounts that fail from NFS partitions listed in /etc/fstab fail
silently, possibly leaving the system in a highly confused state).
While the "failed" mount is in place, the mount-point directory
will be invisible to ls, and attempts to chdir(2) there, even by
root, will result in a "Permission denied" error.
While the "failed" mount is in place you will see messages such
as the following on the server:
    Mar 13 08:45:02 most vmunix: NFS request from unprivileged port.
    Mar 13 08:45:02 most vmunix: nfs_server: weak authentication, source IP address=204.92.254.6
>How-To-Repeat:
[[ In the following procedure replace hostnames and directories
as appropriate for local conditions. ]]
Configure a SunOS-4.1.x NFS server to use NFS port monitoring
(i.e. so-called "secure" mounts):
    echo "nfs_portmon/W1" | adb -w /vmunix /dev/kmem >/dev/null 2>&1
Create and export a directory from that server, to the netbsd box:
    mkdir -p /export/test/sometimes
    echo '/export/test/sometimes -access=sometimes.weird.com,root=sometimes.weird.com' >> /etc/exports
    exportfs -v /export/test/sometimes
    echo "hello world" > /export/test/sometimes/greeting
Try mounting the directory from the netbsd box:
    mount -t nfs -v most:/export/test/sometimes /mnt
Check to see if the mount is listed:
    mount
Check to see if the directory still exists:
    ls -l /
Try to cd to the directory:
    cd /mnt
Unmount the failed mount:
    umount /mnt
Try mounting the directory so that it will work:
    mount -t nfs -o -P -v most:/export/test/sometimes /mnt
    mount
    ls -l /
    ls -l /mnt
    cd /mnt
    ls -l
    cat greeting
>Fix:
unknown
Ideally the mount should be completely failed.
I recommend at minimum placing a '-v' flag on the 'mount -a -t nfs'
command in the /etc/rc script. (I like '-v' for all mounts and
umounts in rc scripts and at shutdown times.) Alternatively the
Permission denied message could be made mandatory without the '-v'.
>Audit-Trail:
>Unformatted:
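
Added example, not part of the original report: a shell function a server administrator could run over syslog to list which client addresses are being refused by NFS port monitoring, using the two server message formats quoted in the description. The function names, the sample log (constructed, apart from the two lines quoted in the report; the 192.0.2.x addresses are made up) and the assumption that the two messages are logged as a consecutive pair per log host are assumptions of this example.

```shell
#!/bin/sh
# Summarise nfs_portmon denials per client IP from syslog text on stdin.
# Output, one line per client: <ip> <count> <first seen> - <last seen>
portmon_denials() {
    awk '
    # Fields: $1 month, $2 day, $3 time, $4 log host, then the message.
    /NFS request from unprivileged port/ { pending[$4] = 1; next }
    /nfs_server: weak authentication, source IP address=/ {
        # Assumption: only count lines that directly follow a
        # port-monitor message from the same log host.
        if (!pending[$4]) next
        pending[$4] = 0
        ip = $0
        sub(/.*source IP address=/, "", ip)
        sub(/[^0-9.].*$/, "", ip)       # drop anything after the address
        if (ip == "") next
        ts = $1 " " $2 " " $3
        if (!(ip in count)) { first[ip] = ts; order[++n] = ip }
        count[ip]++
        last[ip] = ts
    }
    END {
        for (i = 1; i <= n; i++) {
            ip = order[i]
            printf "%s %d %s - %s\n", ip, count[ip], first[ip], last[ip]
        }
    }'
}

# Constructed sample log. The last line has no preceding port-monitor
# message and is therefore ignored.
sample_log() {
    cat <<'EOF'
Mar 13 08:45:02 most vmunix: NFS request from unprivileged port.
Mar 13 08:45:02 most vmunix: nfs_server: weak authentication, source IP address=204.92.254.6
Mar 13 08:47:10 most vmunix: NFS request from unprivileged port.
Mar 13 08:47:10 most vmunix: nfs_server: weak authentication, source IP address=204.92.254.6
Mar 13 08:50:31 most vmunix: NFS request from unprivileged port.
Mar 13 08:50:31 most vmunix: nfs_server: weak authentication, source IP address=192.0.2.17
Mar 13 08:52:00 most vmunix: nfs_server: weak authentication, source IP address=192.0.2.99
EOF
}

sample_log | portmon_denials
```

Each address listed is a client whose requests arrive from an unprivileged port, which per the report is the state a mount made without '-P' leaves behind.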