Received: (from majordomo@localhost) by oss.sgi.com (8.11.2/8.11.3) id f6Q3DNG05952 for linux-xfs-outgoing; Wed, 25 Jul 2001 20:13:23 -0700 Received: from rj.corp.sgi.com (rj.sgi.com [204.94.215.100]) by oss.sgi.com (8.11.2/8.11.3) with SMTP id f6Q3DLV05933 for ; Wed, 25 Jul 2001 20:13:21 -0700 Received: from larry.melbourne.sgi.com (larry.melbourne.sgi.com [134.14.52.130]) by rj.corp.sgi.com (8.11.4/8.11.4/linux-outbound_gateway-1.0) with SMTP id f6Q3GxU21025 for ; Wed, 25 Jul 2001 20:16:59 -0700 Received: from kao2.melbourne.sgi.com (kao2.melbourne.sgi.com [134.14.55.180]) by larry.melbourne.sgi.com (950413.SGI.8.6.12/950213.SGI.AUTOCF) via ESMTP id NAA21283; Thu, 26 Jul 2001 13:11:56 +1000 X-Mailer: exmh version 2.1.1 10/15/1999 From: Keith Owens To: tridge@valinux.com cc: linux-xfs@oss.sgi.com Subject: Re: umask fix (patch) In-reply-to: Your message of "Wed, 25 Jul 2001 19:24:17 MST." <20010726022417.ECC8144E0@lists.samba.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 26 Jul 2001 13:11:56 +1000 Message-ID: <18265.996117116@kao2.melbourne.sgi.com> Sender: owner-linux-xfs@oss.sgi.com Precedence: bulk On Wed, 25 Jul 2001 19:24:17 -0700 (PDT), Andrew Tridgell wrote: >The problem turned out to be in the nfsd code. The following fixes it: > >--- fs/nfsd/nfssvc.c 2001/05/29 19:53:13 1.13 >+++ fs/nfsd/nfssvc.c 2001/07/26 02:27:26 >@@ -150,6 +150,7 @@ > MOD_INC_USE_COUNT; > lock_kernel(); > daemonize(); >+ current->fs->umask = 0; > sprintf(current->comm, "nfsd"); > current->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; Kernel threads share the init task fs context. That change makes all future kernel threads run with umask 0, a big security exposure. This problem was supposed to have been fixed in 2.4.7-pre7.