Slashdot Mirror
Major NFS Bugs Found & Being Fixed
mbadolato writes "From an article at kerneltrap.org: On the FreeBSD hacker mailing list, Jordan Hubbard commented on some serious issues with NFS, posting a tool called 'fsx' - originally developed for the NeXT OS - that was ideal for finding them. Matt Dillon was quite impressed by the tool and immediately started playing with it. In very little time, he presented a number of major fixes..."
There's a good collection of the emails here describing some of the fixes that Matt Dillon has made."
Apparently Matt found one bug in the softupdates code and reported it to McKusick, who has written a patch. Matt is still testing the new code in -current and if everythings works ok it will be MFC'ed to -stable within one week, so that this code makes it for 4.5-RELEASE that is coming soon.
blows up my FreeBSD 4.4 server pretty quickly (it panics and reboots.) Yes, I'm running softupdates.
...
Anyone gotten this to run on linux? After I fixed the (silly) division by zero error, it still dies with an mmap: Invalid argument error
It was already discussed on the kernel mailing list.l /0112.1/1573.html
Including a (trivial) port to GNU/Linux.
Local filesystems are OK (except for ReiserFS), but NFS does show some problems.
http://www.uwsg.indiana.edu/hypermail/linux/kerne
In essence, the problem is seen on reiserfs (being investigated) and also in NFS. No-one has mentioned following up on the NFS problems yet...
Nor have problems yet been seen in XFS, Ext2 or Ext3.
Would you rather be oblivious? As it stands, *BSD fans see this note, and a lot of work is going into developing a fix, not only for BSD, but for Linux as well - if you want to follow the status, follow the links/mirrors/forums. The tool these guys are using (publicly available) has discovered major flaws in the internal VM implementation - what are the odds you'd EVER hear of that with M$? (BTW, has anyone run this against M$'s NFS implementations?)
Besides, part of the fun of open-source is watching the evolution. The emails documenting how this evolved are fun to read - wonder what M$'s equivalents say? We'll never know....
I love vegetarians - some of my favorite foods are vegetarians.
is the lack of Kerberos authentication, or any type of reliable authentication for that matter, in NFS. I would classify this as a 'shortcomning' rather than a 'bug' if the exports(5) manpage didn't seem to imply that it was possible. In any event, I really can't see myself using FreeBSD in any kind of production environment where security is even a minor concern when such a problem exists in NFS. Does anyone know if this issue is going to be addressed in later releases of FreeBSD? I think at least someone should take the 5 minutes to update the manpage...
People using fsx found bugs in NFS, not security holes. Furthermore, by default, Sun and Linux machines do not export file systems, and NFS is not intended for use on unsecure networks (NFS is intrinsically not secure unless your network is secure, and this is documented). And neither Sun nor Linux are consumer operating systems--if you run them, you should know about proper system management and security.
Microsoft, in contrast, shipped a consumer operating system that, when used as intended, out of the box, was wide open to take-over over the Internet. They have done similar things in the past with browsers and other software. That's not a "little security flaw", it's a major goof.
Finally, both NFS and SMB came out of a closed source big corporate culture. They are both awful. The only reason they are still used is because of their corporate backing. You can blame Sun and Microsoft for that, not the open source community.