Package: davfs2
Version: 1.6.1-1
Severity: normal
Hello,
Not making /usr/sbin/mount.davfs setuid has a problematic consequence:
if I run
$ sudo mount /net/foo
$ sudo reboot
the reboot stays stuck for 90s, waiting for mount.davfs to exit.
In the syslog, we can see
août 05 13:46:03 begin mount.davfs[19302]: pid 19302, got signal 15
août 05 13:46:03 begin mount.davfs[19302]: unmounting /net/foo
so it did get the SIGTERM signal from systemd and ran /bin/umount
/net/foo, but stracing that shows:
20189 umount2("/net/foo", 0) = -1 EPERM (Operation not permitted)
20189 write(2, "umount: ", 8) = 8
20189 write(2, "/net/foo: must be superuser to unmount", 38) = 38
That is because mount.davfs is running as user davfs2, not as root, and
thus cannot actually trigger the umount of /net/foo, and things stay
stuck there until 90s later, when systemd gets impatient and sends a
SIGKILL.
Adding the uid=davfs2 option to /etc/fstab allows the umount to work and
thus fix the 90s delay, but davfs should automatically add that option
when it is not already defined, to avoid the davfs2-vs-root incoherency
above.
Samuel
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable-debug'), (500,
'testing-debug'), (500, 'stable-security'), (500, 'stable-debug'), (500,
'proposed-updates-debug'), (500, 'proposed-updates'), (500,
'oldstable-proposed-updates-debug'), (500, 'oldstable-proposed-updates'), (500,
'oldoldstable'), (500, 'buildd-unstable'), (500, 'unstable'), (500, 'stable'),
(500, 'oldstable'), (1, 'experimental-debug'), (1, 'buildd-experimental'), (1,
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386, arm64
Kernel: Linux 5.19.0 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages davfs2 depends on:
ii adduser 3.123
ii cdebconf [debconf-2.0] 0.263
ii debconf [debconf-2.0] 1.5.79
ii libc6 2.33-8
ii libneon27 0.32.2-1+b1
davfs2 recommends no packages.
davfs2 suggests no packages.
-- Configuration Files:
/etc/davfs2/secrets [Errno 13] Permission non accordée: '/etc/davfs2/secrets'
-- debconf information:
* davfs2/new_user: true
* davfs2/user_name: davfs2
* davfs2/new_group: true
* davfs2/suid_file: false
* davfs2/non_root_users_confimed:
* davfs2/group_name: davfs2
--
Samuel
---
Pour une évaluation indépendante, transparente et rigoureuse !
Je soutiens la Commission d'Évaluation de l'Inria.
