Package: openafs-modules-source
Version: 1.4.2-2
Severity: normal

Hello!

I've noticed strange 'permission denied' errors when accessing files on
_non-AFS_ filesystem[s]. These errors are readily reproducible:

$ id -u 
1000
$ id -G
2000 33847 37992 24 25 29 44 104 111 113 1000 5000 33847 37992
[33847 and 37992 are GIDs added by cache manager]
$ cd /tmp
[/tmp is tmpfs, but xfs and ext3 behave in the same way]
$ mkdir test
$ chgrp 24 test
[Please note: 24 is the first GID after those added by cache manager]
chgrp: changing group of `test': Operation not permitted
$ chgrp 25 test
[all other GIDs are OK, as it should be]

Now, let's have more fun with it:

$ chmod 770 test; ksu -qe /bin/chown 0:24 test 
$ ls -lnd test
drwxrwx--- 2 0 24 40 Nov  8 19:37 test
$ cd test
bash: cd: test: Permission denied

The same happens not only for directories, but also for ordinary files,
block and character devices, etc. So, it looks like permission checks
ignore _the first GID after the ones added by cache manager_ (24 in my example).

If I log in on another console using a *NIX password (as opposed to a Kerberos
one), so my processes have only ordinary *NIX GIDs:

$ id -G
2000 24 25 29 44 104 111 113 1000 5000
$ cd /tmp/test
[OK, as it should be]
$ su -c 'chown 1000:2000 .' 
[typed in root password]
$ ls -lnd . 
drwxrwx--- 2 1000 2000 40 Nov  8 19:37 .
$ chgrp 24 .
[OK, as it should be]

The kernel I use is patched with grsecurity (http://www.grsecurity.net),
but the vanilla kernel is affected too. Note also that the bug seems to
be present only on SMP systems.

Just in case, my kernel config is available at
http://theor.jinr.ru/~varg/misc/config-2.6.17.11-grsec-p4-smp.gz

Best regards,
 Alexei


-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.17.11-grsec-p4-smp
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)

Versions of packages openafs-modules-source depends on:
ii  bison                       1:2.3.dfsg-4 A parser generator that is compati
ii  debhelper                   5.0.40       helper programs for debian/rules
ii  flex                        2.5.33-10    A fast lexical analyzer generator.
hi  kernel-package              10.064       A utility for building Linux kerne
ii  module-assistant            0.10.7       tool to make module package creati

openafs-modules-source recommends no packages.

-- no debconf information

-- 
All science is either physics or stamp collecting.

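The manual chgrp test from the report can be run over every GID at once. The script below is an added example, not part of the original report or of OpenAFS; it generalizes the single `chgrp 24` probe to the whole `id -G` list. The names `PROBE`, `find_ignored_gids` and `fake_chgrp_from_report` are hypothetical, and the fake probe is a constructed stand-in that mimics the reported behaviour for offline checking.

```shell
#!/bin/sh
# Added example (not from the report): list the GIDs that `id -G` shows but
# that the kernel does not honour when an unprivileged owner runs chgrp.
# Run it as a normal user; root passes the check for every group.

# PROBE (hypothetical name) is called as "$PROBE <gid> <path>" and must fail
# when the GID is not honoured. Default: the real chgrp.
PROBE=${PROBE:-chgrp}

# find_ignored_gids DIR GID...
# Creates a scratch directory under DIR, probes each GID against it and
# prints the GIDs whose probe failed, space separated (empty line if none).
find_ignored_gids() {
    base=$1; shift
    scratch=$(mktemp -d "$base/gidprobe.XXXXXX") || return 2
    ignored=
    for gid in "$@"; do
        if ! "$PROBE" "$gid" "$scratch" 2>/dev/null; then
            ignored="$ignored${ignored:+ }$gid"
        fi
    done
    rmdir "$scratch"
    printf '%s\n' "$ignored"
}

# Constructed stand-in for chgrp that mimics the session in the report:
# every group is accepted except 24.
fake_chgrp_from_report() {
    [ "$1" != 24 ]
}

# Usage: sh gidprobe.sh --run [DIR]    (DIR defaults to /tmp)
if [ "${1:-}" = "--run" ]; then
    [ "$(id -u)" -ne 0 ] || echo "warning: running as root, result is meaningless" >&2
    # Word splitting of the id -G output is intended here.
    bad=$(find_ignored_gids "${2:-/tmp}" $(id -G))
    echo "GIDs listed by id -G but not honoured: ${bad:-none}"
fi
```

On an unaffected system the real probe reports `none`; any GID it prints is one that the process lists as a supplementary group but cannot use.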