rpc.lockd brokenness (2)

Kris Kennaway kris at obsecurity.org
Thu Mar 9 02:22:38 UTC 2006


On Thu, Mar 09, 2006 at 02:14:59AM +0000, Miguel Lopes Santos Ramos wrote:
> > From: Kris Kennaway <kris at obsecurity.org>
> >
> > The bug is triggered because the file is locked in the parent
> > (i.e. the daemon process, which creates the pidfile) but unlocked by
> > the child after the fork (in this case, when the child is killed).  On
> > the server, rpc.lockd compares the svid (= pid of process on the
> > client that is doing the lock call) of the lock and unlock requests,
> > notices they're different and assumes that the unlock request is
> > coming from some random process on the client that didn't hold the
> > lock in the first place.
> >
> > In reality, the file descriptor was passed from parent to child by the
> > fork(), and the child does actually hold the lock.
> 
> Thank you. That is a very good explanation.

I filed a PR, but I doubt this will be fixed any time soon since it'll
need a lot of work.

> > Fixing this is probably hard (also: I can't see how this could have
> > ever worked with pidfile locking in cron, since it always acquired the
> > lock before forking, as now.  Perhaps something else about your
> > configuration changed.).
> 
> Because the lock is somehow persisting through reboots, even though I 
> stop nfslocking, remove /var/db/statd.status and restart it...

Yeah, the file is still locked on the server, and will never be
unlocked unless you stop and restart the rpc.lockd on the server
(which releases all the locks it holds).

> Oh yes, I must try that again. I had problems in the past with using the -L
> option, gnome didn't run. Probably it was because it was a single / filesystem
> mounted on boot and the option on fstab was ignored, I must try it again.

You can use the -o lockd form in /etc/fstab.

Kris
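
The lock-in-parent, unlock-in-child pattern from the quoted explanation, as an added example that is not part of the original thread or FreeBSD's code. It assumes flock() on a local scratch file; `svid_model_allows_unlock` is a hypothetical stand-in for the server-side svid comparison, not rpc.lockd source.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical model of the server-side check described in the thread (not
 * rpc.lockd source): honour an unlock only if its svid matches the locker's. */
int svid_model_allows_unlock(pid_t lock_svid, pid_t unlock_svid)
{
    return lock_svid == unlock_svid;
}

/* 1 if an independent open of path can take the lock, 0 if held, -1 on error. */
static int lock_is_free(const char *path)
{
    int fd = open(path, O_RDWR);
    if (fd < 0) return -1;
    int ok = (flock(fd, LOCK_EX | LOCK_NB) == 0);
    close(fd); /* closing this description drops the lock it just took */
    return ok;
}

/* Parent locks, forks, child unlocks through the inherited descriptor.
 * Returns 1 if the lock was held before the fork and free afterwards. */
int child_unlock_releases_parent_lock(void)
{
    char path[] = "/tmp/pidfile-demo-XXXXXX"; /* constructed scratch file */
    int fd = mkstemp(path), status = 0;
    if (fd < 0 || flock(fd, LOCK_EX) != 0)
        return -1;
    int held_before = (lock_is_free(path) == 0);
    pid_t child = fork();
    if (child == 0) /* new pid, same open file description as the parent */
        _exit(flock(fd, LOCK_UN) == 0 ? 0 : 1);
    if (child < 0 || waitpid(child, &status, 0) < 0)
        status = -1;
    int free_after = (status == 0 && lock_is_free(path) == 1);
    close(fd);
    unlink(path);
    return held_before && free_after;
}

int main(void)
{
    printf("local release: %d, svid model: %d\n", child_unlock_releases_parent_lock(), svid_model_allows_unlock(100, 101));
    return 0;
}
```

On a local filesystem the child's unlock frees the lock, while the svid model rejects the same parent/child pid pair, which is the mismatch the thread describes.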