From: Chuck Lever <chuck.lever@oracle.com>
To: Bruce Fields <bfields@fieldses.org>
Cc: 吴异 <wangzhibei1999@gmail.com>,
"Linux NFS Mailing List" <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH] nfsd4: readdirplus shouldn't return parent of export
Date: Tue, 12 Jan 2021 08:31:59 -0500 [thread overview]
Message-ID: <BF0A932D-82D7-4698-9BA6-2B5B709E7AE3@oracle.com> (raw)
In-Reply-To: <20210111210129.GA11652@fieldses.org>
> On Jan 11, 2021, at 4:01 PM, J. Bruce Fields <bfields@fieldses.org> wrote:
>
> From: "J. Bruce Fields" <bfields@redhat.com>
>
> If you export a subdirectory of a filesystem, a READDIRPLUS on the root
> of that export will return the filehandle of the parent with the ".."
> entry.
>
> The filehandle is optional, so let's just not return the filehandle for
> ".." if we're at the root of an export.
>
> Note that once the client learns one filehandle outside of the export,
> they can trivially access the rest of the export using further lookups.
>
> However, it is also not very difficult to guess filehandles outside of
> the export. So exporting a subdirectory of a filesystem should
> considered equivalent to providing access to the entire filesystem. To
> avoid confusion, we recommend only exporting entire filesystems.
>
> Reported-by: 吴异 <wangzhibei1999@gmail.com>
> Signed-off-by: J. Bruce Fields <bfields@redhat.com>
> ---
> fs/nfsd/nfs3xdr.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c
> index 821db21ba072..34b880211e5e 100644
> --- a/fs/nfsd/nfs3xdr.c
> +++ b/fs/nfsd/nfs3xdr.c
> @@ -865,9 +865,14 @@ compose_entry_fh(struct nfsd3_readdirres *cd, struct svc_fh *fhp,
> if (isdotent(name, namlen)) {
> if (namlen == 2) {
> dchild = dget_parent(dparent);
> - /* filesystem root - cannot return filehandle for ".." */
> + /*
> + * Don't return filehandle for ".." if we're at
> OA+ * the filesystem or export root:
> + */
> if (dchild == dparent)
> goto out;
> + if (dparent == exp->ex_path.dentry)
> + goto out;
> } else
> dchild = dget(dparent);
> } else
> --
> 2.29.2
Thanks for the fix!
I've replaced the Reported-by: tag and pushed this to my
cel-next topic branch, and intend to submit it with the
next 5.11 -rc pull request. See:
https://git.linux-nfs.org/?p=cel/cel-2.6.git;a=shortlog;h=refs/heads/cel-next
Is there additional context that should be added? A Link:
tag that points to the discussion on security@ perhaps?
Note there was some damage in the patch body: there's a
spurious "OA" in the hunk that had to be removed before
the patch would apply.
--
Chuck Lever
next prev parent reply other threads:[~2021-01-12 13:33 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAHxDmpTKJfnhGY9CVupyVYhNCTDVKBB6KRwh-E6u_XEPJq4WJQ@mail.gmail.com>
[not found] ` <20210105165633.GC14893@fieldses.org>
[not found] ` <X/hEB8awvGyMKi6x@kroah.com>
[not found] ` <20210108152017.GA4183@fieldses.org>
[not found] ` <CAHxDmpSp1LHzKD5uqbfi+jcnb+nFaAZbc5++E0oOvLsYvyYDpw@mail.gmail.com>
[not found] ` <20210108164433.GB8699@fieldses.org>
[not found] ` <CAHxDmpSjwrcr_fqLJa5=Zo=xmbt2Eo9dcy6TQuoU8+F3yVVNhw@mail.gmail.com>
[not found] ` <20210110201740.GA8789@fieldses.org>
[not found] ` <20210110202815.GB8789@fieldses.org>
[not found] ` <CAHxDmpR8S7NR8OU2nWJmWBdFU9a7wDuDnxviQ2E9RDOeW9fExg@mail.gmail.com>
2021-01-11 19:25 ` nfsd vurlerability submit J. Bruce Fields
2021-01-11 21:01 ` [PATCH] nfsd4: readdirplus shouldn't return parent of export J. Bruce Fields
2021-01-12 13:31 ` Chuck Lever [this message]
2021-01-12 13:50 ` Bruce Fields
[not found] ` <20210108152607.GA950@1wt.eu>
[not found] ` <20210108153237.GB4183@fieldses.org>
[not found] ` <20210108154230.GB950@1wt.eu>
[not found] ` <20210111193655.GC2600@fieldses.org>
[not found] ` <CAHxDmpR1zG25ADfK2jat4VKGbAOCg6YM_0WA+a_jQE82hbnMjA@mail.gmail.com>
[not found] ` <CAHxDmpRfmVukMR_yF4coioiuzrsp72zBraHWZ8gaMydUuLwKFg@mail.gmail.com>
2021-01-12 15:32 ` nfsd vurlerability submit J. Bruce Fields
2021-01-12 16:53 ` Trond Myklebust
2021-01-12 17:20 ` Patrick Goetz
2021-01-12 18:03 ` bfields
2021-01-13 8:12 ` Christoph Hellwig
2021-01-13 14:34 ` Trond Myklebust
2021-01-13 14:40 ` hch
2021-01-13 15:16 ` Trond Myklebust
2021-01-13 15:30 ` hch
2021-01-13 15:45 ` Frank Filz
2021-01-21 20:01 ` Patrick Goetz
2021-01-21 22:04 ` bfields
2021-01-21 23:19 ` Patrick Goetz
2021-01-22 1:30 ` bfields
2021-01-22 13:20 ` Patrick Goetz
2021-01-22 14:48 ` Tom Talpey
[not found] ` <CAHxDmpTEBJ1jd_fr3GJ4k7KgzaBpe1LwKgyZn0AJ0D1ESK12fQ@mail.gmail.com>
2021-01-12 17:47 ` Trond Myklebust
[not found] ` <CAHxDmpTyrG74hOkzmDK834t+JiQduWHVWxCf_7nrDVa++EK2mA@mail.gmail.com>
2021-01-13 14:25 ` Trond Myklebust
2021-01-14 18:07 ` bfields
2021-01-14 18:29 ` Linus Torvalds
2021-01-14 18:35 ` Chuck Lever
2021-01-14 18:37 ` Linus Torvalds
2021-01-18 16:29 ` 吴异
2021-01-18 22:55 ` bfields
2021-01-19 2:48 ` 吴异
2021-01-19 3:46 ` bfields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=BF0A932D-82D7-4698-9BA6-2B5B709E7AE3@oracle.com \
--to=chuck.lever@oracle.com \
--cc=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
--cc=wangzhibei1999@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.