|
Description
|
While investigating lp/print bug 4997994, root cause was determined to
come from a call to getcwd(3C) that was failing.
lp has the setuid bit set, hence run as root. The failing case is when
getcwd(3C) tries to access a NFS directory (directories ?) with
restricted access right (e.g., 700 to userA). The test case is however
not always reproducible, and there seems to be some inconsistency.
I have been able to reproduce this issue on Solaris 9, 10 and Nevada, using
NFSv3.
Attached is a snoop file of a failing case between a solaris nevada
client (private bfu based on snv_05 I believe), 129.157.190.181, and a
solaris 9 server (129.157.179.51).
The snoop file match the following steps:
thoracic1.sdussud-> cd /net/tibia.france/export/test1/test2
thoracic1.sdussud-> /var/tmp/550995/test_550995
getcwd failed!!!
thoracic1.sdussud-
and we have the following access rights for the relevant directories:
thoracic1.sdussud-> ls -ld /net/tibia.france/export/test1/test2
drwx------ 2 sdussud staff 512 Jan 31 18:23 /net/tibia.france/export/test1/test2
thoracic1.sdussud-> ls -ld /net/tibia.france/export/test1/
drwxrwxr-- 3 sdussud staff 512 Jul 2 2004 /net/tibia.france/export/test1/
thoracic1.sdussud-> ls -ld /net/tibia.france/export
dr-xr-xr-x 3 root root 3 Feb 7 11:04 /net/tibia.france/export
thoracic1.sdussud-> showmount -e tibia
export list for tibia:
/export/home (everyone)
/export/test1 (everyone)
The test case program has the following access right:
thoracic1.sdussud-> ls -ld /var/tmp/550995/test_550995
-r-s--x--x 1 root root 6792 Dec 13 12:22 /var/tmp/550995/test_55099
And the C program is:
tibia.sdussud-> more test_550995.c
#include <stdio.h>
main()
{
char str[200];
if (getcwd(str, sizeof(str)) == NULL)
printf("getcwd failed!!!\n");
else
printf("CWD = %s\n",str);
}
See also comments section for initial comments on the snoop file.
xxxxx@xxxxx.com 2005-2-07 11:21:57 GMT
|