bin/56500: rpc.lockd needs to use reserved ports

Jonathan Lennox lennox at cs.columbia.edu
Fri Sep 5 10:30:16 PDT 2003 

>Number:         56500
>Category:       bin
>Synopsis:       rpc.lockd needs to use reserved ports
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 05 10:30:13 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Jonathan Lennox
>Release:        FreeBSD 5.1-RELEASE-p2 i386
>Organization:
Columbia University
>Environment:
System: FreeBSD cnr.cs.columbia.edu 5.1-RELEASE-p2 FreeBSD 5.1-RELEASE-p2 #1: Thu Sep 4 18:18:39 EDT 2003 lennox at cnr.cs.columbia.edu:/usr/obj/usr/src/sys/CNR i386

>Description:
Many NFS servers refuse client requests from unreserved (allegedly
"insecure") UDP ports.

The FreeBSD NFS client correctly deals with this, by always using reserved
ports.  However, rpc.lockd, which as of FreeBSD 5.x handles client-side NLM
locks, doesn't.

NFS servers -- notably Linux's -- that want NFS requests to come from
reserved ports often want NLM requests to come from reserved ports as well.
Thus, for the same reason as this was needed for the NFS client in the
kernel, the NLM client in rpc.lockd needs to send its RPC messages from a
reserved port.

>How-To-Repeat:
* Install the patch in kern/56461 and rebuild your kernel and rpc.lockd,
  or you'll freeze when you try to lock from a Linux server, and never
  get as far as this bug.

* Make sure rpc.statd and rpc.lockd are running.

* NFS mount a filesystem from a Linux fileserver.

* (Run ethereal, if you're curious about what NLM messages are actually
  appearing on the wire.)

* Try to lock a file (with flock() or lockf()) from the Linux
  fileserver.

* Notice that flock() or lockf() returned EAGAIN.

* In ethereal, notice that the RPC call returned the status NLM_DENIED.

* In /var/log/messages (or wherever it puts it) on the Linux host,
  notice the message of the form 
Sep  5 12:58:23 pennstation kernel: nfsd: request from insecure port (803b1385:49646)!

>Fix:

In rpc.lockd, bind the NLM client to a reserved source port.
Unfortunately, I don't know enough RPC hacking to write a patch.

I tried using the "insecure" NFS option in /etc/exports on the Linux host,
as a workaround, but this didn't actually avoid the problem.
>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-bugs mailing list