Subject: kern/3019: a client can write an read-only exported file-system
To: None <gnats-bugs@gnats.netbsd.org>
From: Manuel BOUYER <bouyer@antioche.ibp.fr>
List: netbsd-bugs
Date: 12/11/1996 11:27:01
>Number:         3019
>Category:       kern
>Synopsis:       a client can write an read-only exported file-system
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people (Kernel Bug People)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Dec 11 02:35:00 1996
>Last-Modified:
>Originator:     Manuel BOUYER
>Organization:

MASI, Universite Paris VI.

>Release:        1.2_BETA
>Environment:

NetBSD antioche.ibp.fr 1.2_BETA NetBSD 1.2_BETA (ANTIOCHE) #0: Tue Oct 22 14:36:40 MET DST 1996     bouyer@dess106.ibp.fr:/usr/src/src_current/sys/arch/i386/compile/ANTIOCHE i386

>Description:
	An read-only exported NFS file system can be written by (at last)
	an NetBSD 1.2 client. I guess this is a bug on the server side, so any
	clients can write it (but I only have root access to NetBSD hosts, so
	I can't verify it)
>How-To-Repeat:
	
	antioche#/>cat /etc/exports 
	/home/ftp -ro -network 132.227.61.0 -mask 255.255.255.0
	antioche#/>ps ax|grep mount
	   59 ??  IWs    0:01.50 mountd 
	   23910 p0  S+     0:00.18 grep mount 
	antioche#/>kill -HUP 59

	[note the -ro flag for /home/ftp]

	antifer#/promethee/bouyer>mount antioche:/home/ftp /mnt
	antifer#/promethee/bouyer>mount antioche:/home/ftp /mnt
	antifer#/promethee/bouyer>su - bouyer
	antifer:/promethee/bouyer>cd /mnt/pub/NetBSD
	antifer:/mnt/pub/NetBSD>ls -ld .
	drwxr-xr-x  5 bouyer  wheel  512 Oct 29 15:10 .
	antifer:/mnt/pub/NetBSD>
	antifer:/mnt/pub/NetBSD>ls
	NetBSD-current  sup             unofficial
	antifer:/mnt/pub/NetBSD>cat >toto
	qwerty
	antifer:/mnt/pub/NetBSD>ls
	NetBSD-current  sup             toto            unofficial

	[this file also appears on the server:
	antioche#/>ls /home/ftp/pub/NetBSD/
	.message        NetBSD-current  sup             toto            unofficial
	antioche#/>cat /home/ftp/pub/NetBSD/toto 
	qwerty

>Fix:
	Unknown.
>Audit-Trail:
>Unformatted: