Bug #8109

Kernel AUTH_SYS and AUTH_LOOPBACK implementation can ignore provided credentials

Added by Marcel Telka almost 3 years ago. Updated almost 3 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: kernel
Start date: 2017-04-26
Due date:
% Done: 100%
Estimated time:
Difficulty: Medium
Tags: needs-triage

Description

Both authloopback_marshal() and authkern_marshal() will ignore the passed in credentials in case the provided XDR has not preallocated a large enough buffer, or it is non-trivial (like xdrmblk with several linked mblks); IOW, when the XDR_INLINE() call in the marshalling functions fails.


Related issues

Related to illumos gate - Bug #8106: authloopback_marshal() can violate the RPC specification (Closed, 2017-04-25)

History

#1

Updated by Marcel Telka almost 3 years ago

  • Related to Bug #8106: authloopback_marshal() can violate the RPC specification added

#2

Updated by Marcel Telka almost 3 years ago

To reproduce this problem, please use the module.c file attached to bug #8106 and the steps described there. Once run, you will find this in the log:

Apr 26 16:00:37 t4 module: [ID 378104 kern.info] NOTICE: AUTH_LOOPBACK, 70 groups, xdrmem success: 000055de 00000190
Apr 26 16:00:37 t4 module: [ID 618828 kern.info] NOTICE: AUTH_LOOPBACK, 70 groups, xdrmblk success: 000055de 000000a4
Apr 26 16:00:37 t4 module: [ID 633239 kern.info] NOTICE: AUTH_LOOPBACK, 80 groups, xdrmem success: 000055de 000001b8
Apr 26 16:00:37 t4 module: [ID 767423 kern.info] NOTICE: AUTH_LOOPBACK, 80 groups, xdrmblk success: 000055de 000000a4
Apr 26 16:00:37 t4 module: [ID 398392 kern.info] NOTICE: AUTH_SYS, 80 groups, xdrmem success: 00000001 000000b8
Apr 26 16:00:37 t4 module: [ID 301671 kern.info] NOTICE: AUTH_SYS, 80 groups, xdrmblk success: 00000001 000000a4

For the xdrmblk case the AUTH_MARSHALL() function encoded a different amount of data when compared to the xdrmem case because it ignored the passed in credentials.
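
An added illustration, not illumos code and not part of this report: a user-space C model of the failure mode described in the description and in comment #2, where the marshalled output depends on whether the stream can satisfy an inline request. The toy stream, `marshal()` and its `fixed` flag are hypothetical, and what the defective fallback emits (an all-zero, empty credential body) is an assumption; the report only states that the passed-in credentials were ignored.

```c
#include <stdint.h>
#include <string.h>

/* Toy stream (hypothetical): contig = largest block it hands out in one piece. */
struct enc { uint8_t buf[128]; size_t pos, contig; };
struct cred { uint32_t uid, gid, ngroups, groups[16]; };

static void put32(uint8_t *p, uint32_t v)	/* big-endian, as XDR encodes */
{
	p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
}

/* Fast path, like XDR_INLINE(): a contiguous block, or NULL if unavailable. */
static uint8_t *enc_inline(struct enc *e, size_t len)
{
	if (len > e->contig)
		return (NULL);
	e->pos += len;
	return (e->buf + e->pos - len);
}

/* Slow path: append one word; marshal() has already checked there is room. */
static void enc_u32(struct enc *e, uint32_t v)
{
	put32(e->buf + e->pos, v);
	e->pos += 4;
}

/* Encode uid, gid, group count and groups; returns bytes written, 0 on error.
 * fixed == 0 models the defect: a failed inline request drops *cr. */
size_t marshal(struct enc *e, const struct cred *cr, int fixed)
{
	size_t len = 4 * (3 + (size_t)cr->ngroups), start = e->pos;
	uint32_t w[3] = { cr->uid, cr->gid, cr->ngroups }, i;
	uint8_t *p;

	if (cr->ngroups > 16 || start + len > sizeof (e->buf))
		return (0);
	if ((p = enc_inline(e, len)) != NULL) {
		for (i = 0; i < 3 + cr->ngroups; i++)
			put32(p + 4 * i, i < 3 ? w[i] : cr->groups[i - 3]);
		return (len);
	}
	for (i = 0; i < 3; i++)		/* fallback: stream word by word */
		enc_u32(e, fixed ? w[i] : 0);	/* !fixed: credentials ignored */
	for (i = 0; fixed && i < cr->ngroups; i++)
		enc_u32(e, cr->groups[i]);
	return (e->pos - start);
}
```

A regression check for this class of bug marshals the same credentials into a contiguous stream and a fragmented one and requires byte-identical output, which is the comparison the log lines above make by length.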

#4

Updated by Marcel Telka almost 3 years ago

  • Status changed from In Progress to Pending RTI

#5

Updated by Electric Monk almost 3 years ago

  • Status changed from Pending RTI to Closed
  • % Done changed from 0 to 100

git commit 6dd72a43d2e43185833c20e7f0c4cb88a4d37ec8

commit  6dd72a43d2e43185833c20e7f0c4cb88a4d37ec8
Author: Marcel Telka <marcel@telka.sk>
Date:   2017-06-13T14:37:46.000Z

    8106 authloopback_marshal() can violate the RPC specification
    8109 Kernel AUTH_SYS and AUTH_LOOPBACK implementation can ignore provided credentials
    Reviewed by: Toomas Soome <tsoome@me.com>
    Reviewed by: Jason King <jason.brian.king+illumos@gmail.com>
    Approved by: Dan McDonald <danmcd@joyent.com>
