Date:      Mon, 27 Mar 1995 10:43:47 -0800 (PST)
From:      "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
To:        wpaul@skynet.ctr.columbia.edu (House of Debuggin')
Cc:        taob@aries.ibms.sinica.edu.tw, freebsd-hackers@FreeBSD.org
Subject:   Re: mountd strangeness
Message-ID:  <199503271843.KAA14556@gndrsh.aac.dev.com>
In-Reply-To: <199503271427.JAA00666@skynet.ctr.columbia.edu> from "House of Debuggin'" at Mar 27, 95 09:27:20 am

> 
> They say this Brian Tao person was kidding when he wrote:
> > 
> > On Mon, 27 Mar 1995, Wankle Rotary Engine wrote:
> > > 
> > > /sbin -ro host1 host2 host3
> > > /etc/ppp -ro host1
> > > /etc/mtree -ro host3
> > 
> >     Have you tried:
> > 
> > /sbin /etc/ppp -ro host1
> > /sbin -ro host2
> > /sbin /etc/mtree -ro host3
...

> 
> So far, the only other person to comment on this was Rod Grimes, who
> tantalized me with all of two sentences that indicated that it works
> this way for security reasons, and then declined to go into detail.
> (Frankly, I'm embarrassed: I keep thinking that somehow I'm supposed to
> find Divine Enlightenment (tm) in what he told me, and instead I feel 
> about as enlightened as a broken light bulb. :)

From the man page BUGS section:
	The export options are tied to the local mount points in the kernel and
	must be non-contradictory for any exported subdirectory of the local
	server mount point.
	...

Since the export options are tied to local mount points, if you stop
returning the EPERM and start to modify the stored table you in effect
will be allowing more access than you thought you were.

To do what you want to do will require major surgery of the way the kernel
stores and associates this information, not some quick hack to return
different values.  The information could no longer be attached to local
mount points but instead would have its own table or list of exported
directories.

You also have to be very careful about the top of the exported directories
so that some client can't try to go above the file system by using
the .. entry if you have this new table that allows subdirs to be exported
with different permissions to different hosts.  I have seen this bug in a
few NFS implementations.


-- 
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation Company                   Custom computers for FreeBSD
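
Added example, not part of the original message and not mountd's own code:
a simplified Python model of the constraint quoted from the man page. It maps
each exported directory to its local mount point and flags any host that is
given different options for two directories on the same file system. The
mount points, the sample exports text and all function names are assumptions
made for the illustration.

```python
import os
from collections import defaultdict

# Constructed sample: the layout quoted in the thread, with line 3 changed to
# a default (read-write) export to show a contradiction. Mount points assumed.
MOUNT_POINTS = ["/", "/usr"]
EXPORTS = """\
/sbin -ro host1 host2 host3
/etc/ppp -ro host1
/etc/mtree host3
/usr/src -ro host1
"""

def mount_point_of(path, mount_points):
    """Return the longest mount point that is a component-wise prefix of path."""
    path = os.path.normpath(path)
    best = None
    for mp in map(os.path.normpath, mount_points):
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best):
                best = mp
    return best

def parse_exports(text):
    """Yield (lineno, dirs, options, hosts); options taking a separate
    argument (e.g. -network) are not handled in this simplified parser."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        dirs = [f for f in fields if f.startswith("/")]
        opts = frozenset(f for f in fields if f.startswith("-"))
        hosts = [f for f in fields if not f.startswith(("/", "-"))]
        yield lineno, dirs, opts, hosts

def find_conflicts(text, mount_points):
    """Return (mount_point, host, {lineno: options}) for every host that gets
    different options on one file system, where options cannot be per-directory."""
    seen = defaultdict(dict)  # (mount point, host) -> {lineno: options}
    for lineno, dirs, opts, hosts in parse_exports(text):
        for d in dirs:
            for h in hosts:
                seen[(mount_point_of(d, mount_points), h)][lineno] = opts
    return sorted((mp, h, lines) for (mp, h), lines in seen.items()
                  if len(set(lines.values())) > 1)

if __name__ == "__main__":
    for mp, host, lines in find_conflicts(EXPORTS, MOUNT_POINTS):
        print(f"{host} on {mp}: contradictory options {lines}")
```

In the sample, host3 is read-only on line 1 and read-write on line 3 for the
same file system; with one table per mount point, accepting both lines would
give host3 more access to /sbin than line 1 intended.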


