Subject: bin/5990: newfs cannot create filesystems with non-root ownership of root directory
To: None <gnats-bugs@gnats.netbsd.org>
From: None <jbernard@ox.mines.edu>
List: netbsd-bugs
Date: 08/19/1998 14:13:29
>Number:         5990
>Category:       bin
>Synopsis:       newfs cannot create filesystems with non-root ownership of root directory
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    bin-bug-people (Utility Bug People)
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Aug 19 13:20:01 1998
>Last-Modified:
>Originator:     Jim Bernard
>Organization:
	Speaking for myself
>Release:        August 19, 1998
>Environment:
System: NetBSD io 1.3G NetBSD 1.3G (FIZ) #0: Tue Aug 18 13:47:28 MDT 1998 jbernard@io:/var/tmp/compile/sys/arch/i386/compile/FIZ i386


>Description:
	It is impossible for a user to create and use an ffs filesystem on a
	floppy disk, for example, because when newfs is run to create the
	filesystem, the ownership of the root dinode is not set, so it defaults
	to root.wheel (really 0.0).  The result is a filesystem that a user can
	mount and read, but cannot write to.  This makes it rather inconvenient
	to support use of, e.g., ffs floppy disks by ordinary users.

>How-To-Repeat:
	(The following example is for a 1.44 MB floppy on an i386 box.  It
	demonstrates that an ordinary user cannot, except via "heroic" effort,
	create an ffs floppy and actually use it, even with suitably set
	device permissions.  Presumably, similar examples can be constructed
	for other types of removable media on the same or other ports.)

	[log in or su to root]
	chmod 666 /dev/fd0a /dev/rfd0a
	[log in as a regular (non-root) user]
	[insert a floppy disk]
	fdformat
	disklabel -rw /dev/rfd0a floppy
	newfs /dev/rfd0a
	mkdir /tmp/mnt
	mount /dev/fd0a /tmp/mnt
	cp /etc/disktab /tmp/mnt [permission denied]
	ls -lgd /tmp/mnt [shows /tmp/mnt owned by root.wheel]
	umount /dev/fd0a
	[now comes the "heroic effort" part]
	fsdb -d -f /dev/rfd0a [shows root dinode (2) owned by root.wheel]
	chown <your uid>
	chgrp <your gid>
	quit
	fsck -y /dev/rfd0a
	mount /dev/fd0a /tmp/mnt
	cp /etc/disktab /tmp/mnt [succeeds]
	ls -lgd /tmp/mnt [shows /tmp/mnt owned by you.yourgroup]

>Fix:
	This change to sbin/newfs/mkfs.c sets the uid.gid of the root dinode to
	the effective uid.gid of the invoking user.

--- mkfs.c-dist	Thu Apr  2 05:17:46 1998
+++ mkfs.c	Wed Aug 19 13:30:05 1998
@@ -898,10 +898,12 @@
 		node.di_size = makedir((struct direct *)oroot_dir, PREDEFDIR);
 	else
 		node.di_size = makedir(root_dir, PREDEFDIR);
 	node.di_db[0] = alloc(sblock.fs_fsize, node.di_mode);
 	node.di_blocks = btodb(fragroundup(&sblock, node.di_size));
+	node.di_uid = geteuid();
+	node.di_gid = getegid();
 	wtfs(fsbtodb(&sblock, node.di_db[0]), sblock.fs_fsize, buf);
 	iput(&node, ROOTINO);
 }
 
 /*
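Review bot: the two added assignments to node.di_uid and node.di_gid, just before the wtfs() call, have no comment explaining why the root directory's owner now depends on who runs newfs, and nothing in the change documents the new behaviour. Add a one-line comment above them (for example, that the root directory is owned by the invoking user so non-root users can write to file systems they create) and a matching sentence in the newfs manual page. Because geteuid() and getegid() are used, a run as root, or through any wrapper that changes the effective ids, still produces 0.0 ownership, so someone formatting media on behalf of another user cannot choose the owner; consider whether an explicit owner setting would cover that case better than relying on the effective ids alone. The assignments are also reached from both the oroot_dir and root_dir branches above, so it is worth confirming that the ids are stored as intended on both paths.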
>Audit-Trail:
>Unformatted: