Mailinglist Archive: opensuse-security (520 mails)

SuSE 7.0: auto.net: symlinking own host in /net
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Fri, 1 Dec 2000 18:56:51 +0100
  • Message-id: <20001201185651.B7313@xxxxxxxxx>
Using SuSE 7.0 we found a problem (or missing feature or a bug,
call it what you want). If the local machine exports more than one
share (e.g. "/", "/home" and maybe more), the automounter won't
work locally (but does remotely). This is caused by a nice feature
of the automounter: if the filesystem to mount is local, it's
symlinked. This doesn't always work, since after linking "/", the
destination of the next link (e.g. "/home") already exists (since
the kernel follows the first symlink). Additionally this makes no
sense, since linking to "/" makes the whole filesystem
accessible.

A security problem occurs, since if "/" is exported read-only, the
symlink is read-write. If you have some scripts working via NFS
and automounter on a read-only share, they cannot write via
/net/host/... normally, but if they are started on "host" itself,
they are suddenly able to write! This needs attention, since some
people start scripts on r/o mounted local shares to make sure no
write action may happen. But in this scenario this isn't working
as expected, any write action succeeds! This is important if you
work with root-jails in r/o mounted local shares. In this case
the quickest workaround is: don't use autofs for that.

To fix the first problem, it's necessary to modify the output of
the script /etc/auto.net. If this script reports only "/" as
share, it works, so we just modified it in this way. A patch is
attached. To install it, you may use the following commands:

# cp /etc/auto.net /etc/auto.net.suse
# patch -p0 < auto.net.patch

Please note that this will *NOT* fix the second, security
related issue! The mounted local filesystem is writeable via
/net/localhost, even if exported r/o!

oki,

Steffen

--
This letter was generated by machine,
it therefore bears neither signature nor seal.
--- /etc/auto.net.orig Sat Jul 29 21:16:10 2000
+++ /etc/auto.net Fri Dec 1 18:30:58 2000
@@ -1,6 +1,10 @@
#!/bin/sh

# $Id: //depot/autofs-4.0/samples/auto.net#4 $
+# MODIFIED by <steffen@xxxxxxx> and atz Dec 1 2000:
+# added support for /net/<own-hostname>
+# to work with multiple exports
+# (yes, it looks more like a bugfix :))

# Look at what a host is exporting to determine what we can mount.
# This is very simple, but it appears to work surprisingly well
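Review bot: the new header block (`+# MODIFIED by ...` through `+# (yes, it looks more like a bugfix :))`) documents only the multiple-export fix and leaves out the caveat the mail itself states, that `/net/<own-hostname>` ends up as a symlink to `/` and is therefore writable even when `/` is exported r/o; a line such as `# NOTE: /net/<own-hostname> is a symlink to /, export options (ro) do not apply` belongs here, next to the date and author, since the `$Id:` line above it still identifies the file as the unmodified upstream sample.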
@@ -9,6 +13,21 @@

# add "nosymlink" here if you want to suppress symlinking local filesystems
opts="-fstype=nfs,hard,intr,nodev,nosuid"
+
+
+# MODIFICATION BEGIN
+#we need to react if key == own host
+if [ "$key" = `hostname` -o "$key" = "localhost" ] ; then
+ #in this case, do not list all exported fs, since
+ # autofs would fail when trying to symlink them.
+ # So we just simulate that only "/" is exported
+ # security shouldn't be affected when working with symlinks...
+ echo "$opts \\";
+ echo "/ ${key}:/";
+ #exit, return success
+ exit 0;
+fi;
+# MODIFICATION END

# Showmount comes in a number of names and varieties. "showmount" is
# typically an older version which accepts the '--no-headers' flag
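Review bot: the local-host branch (`if [ "$key" = \`hostname\` ... ]` through `exit 0`) deliberately reproduces the behaviour the mail calls the security problem: by reporting only `/ ${key}:/` it makes autofs symlink `/net/<hostname>` to `/`, so a read-only export is reachable read-write, while the added comment `# security shouldn't be affected when working with symlinks...` claims the opposite. The comment directly above `opts=` says adding `nosymlink` suppresses symlinking of local filesystems, so the branch could emit `echo "$opts,nosymlink \\"` instead; the local export is then mounted over NFS (a loopback mount, with the costs that brings) and the server's export options apply. Separately, `"$key" = \`hostname\`` matches only the one form hostname(1) prints, so a key given as the FQDN when hostname prints the short name (or the reverse), or as 127.0.0.1, skips this branch and runs into the original multi-export failure via showmount.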
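As an added example, not part of the mail above and not autofs project code: the local-host branch written as a small POSIX sh program map that emits `nosymlink` for the local host, so the symlink shortcut the mail describes is not taken and a r/o export of "/" stays read-only under /net/<host>, plus an audit helper that reports whether an existing /net/<host> entry is a symlink. It assumes what the stock auto.net comment states, that `nosymlink` in the options makes autofs mount local filesystems instead of symlinking them, and that a loopback NFS mount is subject to the server's export options like any other client; the host names are made up, and the caller passes the names the host answers to rather than the script calling hostname(1) itself.

```shell
#!/bin/sh
# Added example (not from the mail above, not from the autofs project):
# local-host handling for an /etc/auto.net-style program map, written so
# that the local export keeps NFS semantics instead of being symlinked.
# Assumptions: the stock opts string below, that autofs honours
# "nosymlink" as the stock auto.net comment says, and that the caller
# supplies the names the host answers to (e.g. "$(hostname)",
# "$(hostname -f)", localhost, 127.0.0.1). Host names are constructed.

opts="-fstype=nfs,hard,intr,nodev,nosuid"

# is_local_key KEY NAME...
# Succeeds when KEY is one of the NAMEs. The mail's patch compares the
# key against `hostname` only, so a FQDN key or 127.0.0.1 would not be
# recognised; passing every local name avoids that.
is_local_key() {
    key=$1
    shift
    for name in "$@"; do
        [ "$key" = "$name" ] && return 0
    done
    return 1
}

# local_map_entry KEY
# Map entry for the local host: one mount of KEY:/ with "nosymlink", so
# autofs performs a real (loopback) NFS mount and the server enforces
# the export options; an "ro" export stays read-only under /net/KEY.
local_map_entry() {
    printf '%s,nosymlink \\\n' "$opts"
    printf '/ %s:/\n' "$1"
}

# net_map KEY NAME...
# What the program map does for KEY: print the local entry and succeed
# if KEY is local; fail (status 1) otherwise, meaning the caller goes
# on with the showmount logic of the stock auto.net for a remote host.
net_map() {
    key=$1
    shift
    if is_local_key "$key" "$@"; then
        local_map_entry "$key"
        return 0
    fi
    return 1
}

# check_net_path PATH
# Audit helper for hosts still running the symlinking map: prints
# "symlink" if PATH is a symlink (the r/o export is bypassed), "mount"
# if it is a directory (an actual mount point), "missing" otherwise.
check_net_path() {
    if [ -L "$1" ]; then
        echo symlink
    elif [ -d "$1" ]; then
        echo mount
    else
        echo missing
    fi
}

# Example run with constructed names; in a real map script use
#   net_map "$1" "$(hostname)" "$(hostname -f)" localhost 127.0.0.1
net_map nfs1.example.org nfs1 nfs1.example.org localhost 127.0.0.1
```

Two points to keep in mind when using this: `nosymlink` turns the local entry into a loopback NFS mount, which is a real mount with its own costs, so for the root-jail case the mail's other workaround (not using autofs for that path) remains the simpler choice; and `check_net_path` run against each entry under /net after the automounter has triggered it is a quick way to find hosts where the symlink shortcut is still active.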