Rick Macklem wrote: > On Sun, 27 Sep 2009, Robert Watson wrote: >> On Fri, 25 Sep 2009, Jamie Gritton wrote: >> >>> It seems to be NFS related. I think the null pointer in question is >>> from the export's anonymous credential. Try the patch below and see >>> if it helps (which I guess means run it overnight and see if it >>> crashes again). I've also patched a similar missing cred prison in >>> GSS_SVC, since I'm not versed enough in NFS/RPC stuff to know if it >>> might be the problem. >> >> This is one of the reasons I really dislike "magic" credentials and >> special handling of NULL credentials -- they always get into code the >> author doesn't expect, and either there are bad pointer dereferences, >> or incorrect security decisions. It's almost always the case that a >> correct credential should have been cached or generated at some >> earlier point to represent the security context... >> > I don't really understand prisons/jails, but would creating these > credentials via: > crdup(td->td_ucred); // duplicating the daemon thread's cred > - and then replacing the <uid,gids> > make sense as an alternative to starting with crget()? > (ie. All the other stuff except <uid,gids> would be "inherited" from the > credential for the daemon thread.) That sounds right to me for cases when the cred is based on passed UID/GIDs. Perhaps you'd want to use the UID-changing helper functions on kern_prot.c, or perhaps a new helper or helpers just for the circumstance. - JamieReceived on Wed Oct 07 2009 - 18:08:47 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:56 UTC