ISC update -- NFS root/nobody FIX
Marc Boucher
marc at CLIK.QC.CA
Sat Dec 30 09:55:11 AEST 1989
In article <1989Dec27.171633.1656 at ddsw1.MCS.COM> karl at mcs.MCS.COM (Karl Denninger) writes:
>
>With ISC 2.0.2, eh?
>
>How do you handle the fact that your root isn't root on the other
>filesystems? That is, you can't read the files!
>
>The fix is to patch "nobody" in the kernel to 0 instead of -2. That works.
>Thanks to the unnamed person (by his request) who provided the hint.
Well, I preferred to completely disable remapping. Here's my program.
Save old version of /etc/conf/pack.d/nfs/Driver.o in case something bad
happens.
>Karl Denninger (karl at ddsw1.MCS.COM, <well-connected>!ddsw1!karl)
#! /bin/sh
# This is a shell archive, meaning:
# 1. Remove everything above the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh (not csh) to create the files:
# Makefile
# patchnfs.c
# This archive created: Fri Dec 29 17:50:11 1989
export PATH; PATH=/bin:$PATH
if test -f 'Makefile'
then
echo shar: will not over-write existing file "'Makefile'"
else
cat << \SHAR_EOF > 'Makefile'
# patchnfs ... Disable root remapping to "nobody"
#
# for 386/ix NFS
# see top of patchnfs.c for other details.
#
# "make doit" will copy the existing driver to /tmp/newDriver.o and patch
# the latter. Then save the original and replace it with newDriver.o
# after, rebuild/reinstall the kernel with kconfig
#
all: patchnfs

patchnfs: patchnfs.o
	cc -s -o $@ $@.o

doit: patchnfs
	cp /etc/conf/pack.d/nfs/Driver.o /tmp/newDriver.o
	./patchnfs /tmp/newDriver.o
	@echo "Your new driver is /tmp/newDriver.o"
SHAR_EOF
chmod +x 'Makefile'
fi # end of overwriting check
if test -f 'patchnfs.c'
then
echo shar: will not over-write existing file "'patchnfs.c'"
else
cat << \SHAR_EOF > 'patchnfs.c'
/*
 program to patch 386/ix NFS 2.0 driver to disable remapping of root to
 nobody. changes 7300: 75 to 7300: eb , that is a jne to a jmp.

 Marc Boucher, <marc at clik.qc.ca> 12/29/89

 disassembly from Driver.o:

 72f6:  89 45 b8              movl   %eax,0xb8(%ebp)
 72f9:  8b 45 ec              movl   0xec(%ebp),%eax
 72fc:  83 78 08 00           cmpl   $0x0,0x8(%eax)    ; check if root
 7300:  75 0e                 jne    0xe <7310>        ; change this to jmp
 7302:  8b 45 b8              movl   0xb8(%ebp),%eax
 7305:  66 8b 15 48 1c 40 00  movw   0x401c48,%dx      ; this is where the root id
                                                       ; is replaced with "nobody"
 730c:  eb 0c                 jmp    0xc <731a>
 730e:  90                    nop
 730f:  90                    nop
 7310:  8b 45 b8              movl   0xb8(%ebp),%eax
 7313:  8b 55 ec              movl   0xec(%ebp),%edx
 7316:  66 8b 52 08           movw   0x8(%edx),%dx
 731a:  66 89 50 02           movw   %dx,0x2(%eax)

 Checksums:

 $ sum /etc/conf/pack.d/nfs/Driver.o # before patch
 35599 199 /etc/conf/pack.d/nfs/Driver.o
 $ sum /etc/conf/pack.d/nfs/Driver.o # after patch
 35717 199 /etc/conf/pack.d/nfs/Driver.o
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define OFFSET  0x7300	/* file offset of the branch opcode */
#define OLDBYTE 0x75	/* jne */
#define NEWBYTE 0xeb	/* jmp */

int main(int argc, char **argv)
{
	FILE *in;
	int ch;
	int status = 0;

	if (argc != 2) {
		fprintf(stderr, "Usage: %s <copyofDriver.o>\n", argv[0]);
		exit(-1);
	}
	in = fopen(argv[1], "r+");
	if (!in) {
		fprintf(stderr, "%s: Can't open %s\n", argv[0], argv[1]);
		exit(-1);
	}
	/* Read the byte currently at the branch site. */
	fseek(in, OFFSET, SEEK_SET);
	ch = getc(in);
	switch (ch) {
	case OLDBYTE:
		/* Seek back: the read advanced the position, and a seek is
		   required between a read and a write on an update stream. */
		fseek(in, OFFSET, SEEK_SET);
		putc(NEWBYTE, in);
		printf("Changed 0x%x to 0x%x at offset 0x%x in %s\n", OLDBYTE, NEWBYTE, OFFSET, argv[1]);
		break;
	case NEWBYTE:
		fprintf(stderr, "%s: Driver already patched!\n", argv[0]);
		break;
	default:
		/* Neither byte (or EOF): not the expected driver, leave it alone. */
		fprintf(stderr, "%s: Wrong file. Must be a copy of:\n\n /etc/conf/pack.d/nfs/Driver.o, \"@(#) nf:Driver.o 386/ix Version 2.0\"\n", argv[0]);
		status = 1;
		break;
	}
	fclose(in);
	return status;
}
SHAR_EOF
chmod +x 'patchnfs.c'
fi # end of overwriting check
# End of shell archive
exit 0
--
Marc Boucher, sys/netadm @ CLIK Telematique Inc - marc at clik.qc.ca
5144668932_home 5149337161_clik 5149332164_fax - Postmaster at clik.qc.ca
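
An added example, not part of the original post: a read-only check that reports whether a copy of Driver.o still remaps root to "nobody", comparing the bytes around offset 0x7300 against the post's disassembly instead of testing the single opcode byte. The function names, the enum and the 9-byte window are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define SITE_OFFSET 0x72fcL   /* start of the cmpl in the post's disassembly */

enum site_state { SITE_ORIGINAL, SITE_PATCHED, SITE_UNKNOWN };

/* Bytes at 72fc..7304 as listed in the post; index 4 is the opcode at 7300. */
static const unsigned char expect[9] = {
    0x83, 0x78, 0x08, 0x00,   /* cmpl $0x0,0x8(%eax)                  */
    0x75, 0x0e,               /* jne <7310> (0xeb 0x0e once patched)  */
    0x8b, 0x45, 0xb8          /* movl 0xb8(%ebp),%eax                 */
};

/* Classify a window of bytes read from SITE_OFFSET. */
enum site_state classify_site(const unsigned char *w, size_t len)
{
    if (len < sizeof expect)
        return SITE_UNKNOWN;
    /* Everything except the branch opcode must match the listing. */
    if (memcmp(w, expect, 4) != 0 || memcmp(w + 5, expect + 5, 4) != 0)
        return SITE_UNKNOWN;
    if (w[4] == 0x75) return SITE_ORIGINAL;   /* root is remapped    */
    if (w[4] == 0xeb) return SITE_PATCHED;    /* remapping disabled  */
    return SITE_UNKNOWN;
}

/* Read-only check of a driver image on disk; never writes to the file. */
enum site_state check_driver(const char *path)
{
    unsigned char w[sizeof expect];
    size_t n = 0;
    FILE *f = fopen(path, "rb");
    if (!f)
        return SITE_UNKNOWN;
    if (fseek(f, SITE_OFFSET, SEEK_SET) == 0)
        n = fread(w, 1, sizeof w, f);
    fclose(f);
    return classify_site(w, n);   /* a short read yields SITE_UNKNOWN */
}

int main(int argc, char **argv)
{
    static const char *names[] = { "original", "patched", "not the expected driver" };
    if (argc != 2) { fprintf(stderr, "Usage: %s <Driver.o>\n", argv[0]); return 2; }
    enum site_state s = check_driver(argv[1]);
    printf("%s: %s\n", argv[1], names[s]);
    return s == SITE_ORIGINAL ? 0 : 1;
}
```

The exit status is 0 only for an unmodified driver, so the check can be run from a periodic integrity script alongside the `sum` values given in the post.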