Subject: bin/4636: login fails for non-root exported NFS-home with mode 700
To: None <gnats-bugs@gnats.netbsd.org>
From: Hubert Feyrer <feyrer@jabberwocky.fh-regensburg.de>
List: netbsd-bugs
Date: 12/04/1997 09:41:22
>Number: 4636
>Category: bin
>Synopsis: login fails for non-root exported NFS-home with mode 700
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bin-bug-people (Utility Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Dec 4 00:50:00 1997
>Last-Modified:
>Originator: Hubert Feyrer
>Organization:
Hubert Feyrer <hubert.feyrer@rz.uni-regensburg.de>
>Release: 1.3_ALPHA
>Environment:
System: NetBSD jabberwocky 1.2 NetBSD 1.2 (JABBERWOCKY) #0: Sun Sep 7 13:47:41 GMT 1997 feyrer@jabberwocky:/usr/src/sys/arch/i386/compile/JABBERWOCKY i386
>Description:
If you mount a user-home via NFS, and that NFS volume is
exported without root access (i.e. no -root=0 in exports file),
AND the home-dir is mode 700, login fails:
No home directory /home3/bedienst/test!
Logging in with home = "/".
The problem is that the chdir(2) to the home fails, as it
is done with root privileges, which violate the conditions
under which the home is NFS-exported.
>How-To-Repeat:
Export a $HOME with non-root access privileges via NFS, chmod
700 it, and then try to log in on an NFS client.
>Fix:
chdir(2) to $HOME after giving up special permissions.
Index: login.c
===================================================================
RCS file: /cvsroot/src/usr.bin/login/login.c,v
retrieving revision 1.32
diff -u -r1.32 login.c
--- login.c 1997/11/07 20:32:05 1.32
+++ login.c 1997/12/04 08:29:43
@@ -1,4 +1,4 @@
-/* $NetBSD: login.c,v 1.32 1997/11/07 20:32:05 mrg Exp $ */
+/* $NetBSD: login.c,v 1.31.2.1 1997/11/07 20:34:52 mrg Exp $ */
/*-
* Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994
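Review bot: Drop the $NetBSD$ ident change on the first line of the file (1.32 replaced by 1.31.2.1): it is keyword-expansion noise unrelated to the chdir fix and will only cause a conflict when the patch is applied to revision 1.32. The __RCSID line in the next hunk has the same problem and should be left out as well.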
@@ -44,7 +44,7 @@
#if 0
static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
#endif
-__RCSID("$NetBSD: login.c,v 1.32 1997/11/07 20:32:05 mrg Exp $");
+__RCSID("$NetBSD: login.c,v 1.31.2.1 1997/11/07 20:34:52 mrg Exp $");
#endif /* not lint */
/*
@@ -388,14 +388,6 @@
if (!rootlogin)
checknologin();
- if (chdir(pwd->pw_dir) < 0) {
- (void)printf("No home directory %s!\n", pwd->pw_dir);
- if (chdir("/"))
- exit(0);
- pwd->pw_dir = "/";
- (void)printf("Logging in with home = \"/\".\n");
- }
-
quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0;
if (pwd->pw_change || pwd->pw_expire)
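Review bot: With the chdir(pwd->pw_dir) block removed from this spot, the access(_PATH_HUSHLOGIN, F_OK) call on the next line now runs before login has changed into the home directory. If _PATH_HUSHLOGIN is a path relative to the user's home, quietlog will be computed against whatever directory login was started in, so the hushlogin test either has to move along with the chdir or be done on a path built from pwd->pw_dir.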
@@ -516,6 +508,17 @@
(void)setuid(0);
else
(void)setuid(pwd->pw_uid);
+
+ /* do chdir as non-root so we can change into NFS-mounted homes */
+ /* that are exported for non-root access and have mode 700 */
+ if (chdir(pwd->pw_dir) < 0) {
+ (void)printf("No home directory %s!\n", pwd->pw_dir);
+ if (chdir("/"))
+ exit(0);
+ pwd->pw_dir = "/";
+ (void)printf("Logging in with home = \"/\".\n");
+ }
+
/* Wait to change password until we're unprivileged */
if (need_chpass) {
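Review bot: The relocated chdir(pwd->pw_dir) only behaves as intended if the preceding setuid(pwd->pw_uid) actually took effect, but that call's return value is thrown away with a (void) cast. If setuid fails, the chdir is attempted with the old credentials and the session carries on regardless; check the setuid result and exit with an error before reaching the chdir. Also, exit(0) when chdir("/") fails reports success to the caller; a non-zero status would be more appropriate. The two one-line comments would read better as a single block comment.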
>Audit-Trail:
>Unformatted: