marc@CLIK.QC.CA (Marc Boucher) (12/30/89)
In article <1989Dec27.171633.1656@ddsw1.MCS.COM> karl@mcs.MCS.COM (Karl Denninger) writes:
>
>With ISC 2.0.2, eh?
>
>How do you handle the fact that your root isn't root on the other
>filesystems? That is, you can't read the files!
>
>The fix is to patch "nobody" in the kernel to 0 instead of -2. That works.
>Thanks to the unnamed person (by his request) who provided the hint.

Well, I preferred to completely disable remapping. Here's my program.
Save old version of /etc/conf/pack.d/nfs/Driver.o in case something
bad happens.

>Karl Denninger (karl@ddsw1.MCS.COM, <well-connected>!ddsw1!karl)

#! /bin/sh
# This is a shell archive, meaning:
# 1. Remove everything above the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh (not csh) to create the files:
#	Makefile
#	patchnfs.c
# This archive created: Fri Dec 29 17:50:11 1989
export PATH; PATH=/bin:$PATH
if test -f 'Makefile'
then
	echo shar: will not over-write existing file "'Makefile'"
else
cat << \SHAR_EOF > 'Makefile'
# patchnfs ... Disable root remapping to "nobody"
#
# for 386/ix NFS
# see top of patchnfs.c for other details.
#
# "make doit" will copy the existing driver to /tmp/newDriver.o and patch
# the later. Then save the original and replace it with newDriver.o
# after, rebuild/reinstall the kernel with kconfig
#
all: patchnfs

patchnfs: patchnfs.o
	cc -s -o $@ $@.o

doit: patchnfs
	cp /etc/conf/pack.d/nfs/Driver.o /tmp/newDriver.o
	./patchnfs /tmp/newDriver.o
	@echo "Your new driver is /tmp/newDriver.o"
SHAR_EOF
chmod +x 'Makefile'
fi # end of overwriting check
if test -f 'patchnfs.c'
then
	echo shar: will not over-write existing file "'patchnfs.c'"
else
cat << \SHAR_EOF > 'patchnfs.c'
/*
program to patch 386/ix NFS 2.0 driver to disable remapping of
root to nobody.

changes 7300: 75 to 7300: eb , that is a jne to a jmp.
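Marc Boucher, <marc@clik.qc.ca> 12/29/89

disassembly from Driver.o:

72f6:  89 45 b8              movl   %eax,0xb8(%ebp)
72f9:  8b 45 ec              movl   0xec(%ebp),%eax
72fc:  83 78 08 00           cmpl   $0x0,0x8(%eax)   ; check if root
7300:  75 0e                 jne    0xe <7310>       ; change this to jmp
7302:  8b 45 b8              movl   0xb8(%ebp),%eax
7305:  66 8b 15 48 1c 40 00  movw   0x401c48,%dx     ; this is where the root id is replaced with "nobody"
730c:  eb 0c                 jmp    0xc <731a>
730e:  90                    nop
730f:  90                    nop
7310:  8b 45 b8              movl   0xb8(%ebp),%eax
7313:  8b 55 ec              movl   0xec(%ebp),%edx
7316:  66 8b 52 08           movw   0x8(%edx),%dx
731a:  66 89 50 02           movw   %dx,0x2(%eax)

Checksums:

$ sum /etc/conf/pack.d/nfs/Driver.o     # before patch
35599 199 /etc/conf/pack.d/nfs/Driver.o
$ sum /etc/conf/pack.d/nfs/Driver.o     # after patch
35717 199 /etc/conf/pack.d/nfs/Driver.o
*/

#include <stdio.h>
#include <unistd.h>

#define OFFSET	0x7300
#define OLDBYTE	0x75
#define NEWBYTE	0xeb

/*
 * Bytes expected on either side of OFFSET, copied from the disassembly
 * above: the cmpl at 72fc-72ff and the branch displacement at 7301.
 * Checking them as well as the opcode keeps the patcher from writing
 * into a file that merely happens to hold OLDBYTE at OFFSET.
 */
#define CTXSTART	0x72fc
#define CTXLEN		(OFFSET - CTXSTART)
#define DISPBYTE	0x0e

static unsigned char cmpl_bytes[CTXLEN] = { 0x83, 0x78, 0x08, 0x00 };

/*
 * Return the opcode byte stored at OFFSET, or EOF when the file is too
 * short, cannot be read, or the bytes around OFFSET differ from the
 * listing above.  The stream is left positioned after the bytes read.
 */
static int
branch_opcode(in)
FILE *in;
{
	unsigned char window[CTXLEN + 2];	/* cmpl + opcode + displacement */
	int i;

	if (fseek(in, (long)CTXSTART, SEEK_SET) != 0)
		return EOF;
	if (fread((char *)window, 1, sizeof window, in) != sizeof window)
		return EOF;
	for (i = 0; i < CTXLEN; i++) {
		if (window[i] != cmpl_bytes[i])
			return EOF;
	}
	if (window[CTXLEN + 1] != DISPBYTE)
		return EOF;
	return window[CTXLEN];
}

/*
 * Patch one byte of a copy of the 386/ix NFS 2.0 Driver.o so that the
 * conditional branch at OFFSET (jne, OLDBYTE) becomes an unconditional
 * one (jmp, NEWBYTE).  Per the listing above the driver then always
 * takes the path at 7310 that stores the caller's own id, so id 0 is
 * no longer replaced by the "nobody" id.
 * NOTE(review): a request carrying id 0 is then presumably served with
 * id 0, leaving the list of hosts allowed to mount the exported
 * filesystems as the remaining access control.
 *
 * argv[1] is the file to patch; it is modified in place.
 *
 * Exit status: 0 when the file was patched or was already patched;
 * non-zero on a usage error, on open/read/write failure, or when the
 * bytes around OFFSET do not match the listing (the file is left
 * untouched in that case).  "make doit" therefore stops before
 * announcing a new driver that was never produced.
 */
int
main(argc, argv)
int argc;
char **argv;
{
	FILE *in;
	int rc = -1;	/* same non-zero status the usage/open errors use */

	if (argc != 2) {
		fprintf(stderr, "Usage: %s <copyofDriver.o>\n", argv[0]);
		return -1;
	}
	in = fopen(argv[1], "r+");
	if (!in) {
		fprintf(stderr, "%s: Can't open %s\n", argv[0], argv[1]);
		return -1;
	}

	switch (branch_opcode(in)) {
	case OLDBYTE:
		/*
		 * A seek is required between reading and writing an update
		 * stream.  Flush before reporting success so a failed write
		 * is not announced as a change.
		 */
		if (fseek(in, (long)OFFSET, SEEK_SET) != 0 ||
		    putc(NEWBYTE, in) == EOF || fflush(in) == EOF) {
			fprintf(stderr, "%s: Can't write %s\n", argv[0], argv[1]);
			break;
		}
		printf("Changed 0x%x to 0x%x at offset 0x%x in %s\n",
		    OLDBYTE, NEWBYTE, OFFSET, argv[1]);
		rc = 0;
		break;
	case NEWBYTE:
		/* already in the desired state: nothing to write */
		fprintf(stderr, "%s: Driver already patched!\n", argv[0]);
		rc = 0;
		break;
	default:
		fprintf(stderr, "%s: Wrong file. Must be a copy of:\n\n /etc/conf/pack.d/nfs/Driver.o, \"@(#) nf:Driver.o 386/ix Version 2.0\"\n", argv[0]);
		break;
	}

	if (fclose(in) == EOF && rc == 0) {
		fprintf(stderr, "%s: Can't write %s\n", argv[0], argv[1]);
		rc = -1;
	}
	return rc;
}
SHAR_EOF
chmod +x 'patchnfs.c'
fi # end of overwriting check
#	End of shell archive
exit 0
--
Marc Boucher, sys/netadm @ CLIK Telematique Inc - marc@clik.qc.ca
5144668932_home 5149337161_clik 5149332164_fax - Postmaster@clik.qc.ca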