[Secure-testing-team] Bug#537098: openafs-client: chdir() returns invalid working directory in chroot environment

Christian Ambach bugs at bashburg.de
Tue Jul 14 21:46:25 UTC 2009


Package: openafs-client
Version: 1.4.7.dfsg1-6+lenny1
Severity: normal

We have a setup for FTP users that can connect and are chroot()ed into a directory on AFS.
There seems to be something wrong with one volume because if you want to chdir into a mountpoint of that volume, the user ends up outside of the chroot.

The chroot initially puts the user into /afs/.<ourcell>/ (I'll use <ourcell> everywhere instead of our real cell name).
If the user tries to descend into the "www" mountpoint, the FTP server suddenly returns that it is in the absolute path and not in the relative path to the chroot any more.

See the following ltrace:

[pid 5873] chdir("www")                  = 0
[pid 5873] malloc(1)                     = 0x8781f18
[pid 5873] getcwd(0xb7fc9000, 4096)      = "/afs/.<ourcell>/www"

Sample output from the FTP client showing good and bad case:

230 Login successful.
ftp> cd upload
250 Directory successfully changed.
ftp> pwd
257 "/upload"
ftp> cd ..
250 Directory successfully changed.
ftp> cd www
250 Directory successfully changed.
ftp> pwd
257 "/afs/.<ourcell>/www"
ftp>

This behaviour eventually goes away when stopping the AFS client, deleting its cache directory and then starting up the AFS client again.
It used to work fine on sarge and etch, so it looks like lenny has a regression here.


-- System Information:
Debian Release: 5.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages openafs-client depends on:
ii  debconf [debconf-2.0]     1.5.24         Debian configuration management sy
ii  libc6                     2.7-18         GNU C Library: Shared libraries
ii  libncurses5               5.7+20081213-1 shared libraries for terminal hand

Versions of packages openafs-client recommends:
ii  lsof  4.78.dfsg.1-4                      List open files
ii  opena 1.4.1-2+10.00.Custom               AFS distributed filesystem kernel 
ii  opena 1.4.2-6etch1+2.6.18.dfsg.1-18etch6 AFS distributed filesystem kernel 
ii  opena 1.4.7.dfsg1-6+lenny1+2.6.26-17     AFS distributed filesystem kernel 
ii  opena 1.4.7.dfsg1-6+lenny1               AFS distributed filesystem kernel 

Versions of packages openafs-client suggests:
pn  openafs-doc                   <none>     (no description available)
pn  openafs-krb5                  <none>     (no description available)

-- debconf information:
  openafs-client/fakestat: true
  openafs-client/afsdb: true
* openafs-client/run-client: true
* openafs-client/dynroot: true
  openafs-client/crypt: true
* openafs-client/thiscell: <ourcell>
* openafs-client/cachesize: 50000
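
A regression check for the symptom reported above, added here as an example (it is not part of the original report or of OpenAFS): after chroot() and chdir(), the path returned by getcwd() must name the same directory as ".". It assumes Linux and root privileges for chroot(); the function names are hypothetical.

```c
#define _DEFAULT_SOURCE            /* for chroot() on glibc */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if the path reported by getcwd() names the same directory as ".",
 * 0 if it does not (the symptom in this report), -1 on a syscall error. */
int cwd_is_consistent(char *cwd, size_t len)
{
    struct stat dot, named;

    if (getcwd(cwd, len) == NULL || stat(".", &dot) != 0)
        return -1;
    /* Inside a chroot, a host-absolute path either does not exist or
     * names a different directory, so the comparison below fails. */
    if (cwd[0] != '/' || stat(cwd, &named) != 0)
        return 0;
    return dot.st_dev == named.st_dev && dot.st_ino == named.st_ino;
}

/* chroot into root, chdir into subdir (e.g. a volume mount point) and run
 * the check. Needs root; returns -1 if any of the three steps fails. */
int check_in_chroot(const char *root, const char *subdir, char *cwd, size_t len)
{
    if (chroot(root) != 0 || chdir("/") != 0 || chdir(subdir) != 0)
        return -1;
    return cwd_is_consistent(cwd, len);
}

int main(int argc, char **argv)
{
    char cwd[4096];                /* same buffer size as in the ltrace */
    int rc;

    if (argc != 3) {
        fprintf(stderr, "usage: %s <chroot-dir> <subdir>\n", argv[0]);
        return 2;
    }
    rc = check_in_chroot(argv[1], argv[2], cwd, sizeof cwd);
    if (rc < 0) {
        perror("check_in_chroot");
        return 2;
    }
    printf("%s: getcwd() = \"%s\"\n", rc ? "ok" : "MISMATCH", cwd);
    return rc ? 0 : 1;
}
```

Run as root with the chroot directory and the subdirectory as arguments; exit status 1 means getcwd() reported a path that does not resolve to the current directory inside the chroot.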




