Date: Thu, 14 Sep 2000 00:56:54 -0700
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Paul Jansen <vlaero@yahoo.com.au>
Cc: questions@FreeBSD.ORG
Subject: Re: freebsd NFS export limitation?
Message-ID: <20000914005654.V69158@149.211.6.64.reflexcom.com>
In-Reply-To: <20000914041741.2326.qmail@web5103.mail.yahoo.com>; from vlaero@yahoo.com.au on Thu, Sep 14, 2000 at 03:17:41PM +1100
References: <20000914041741.2326.qmail@web5103.mail.yahoo.com>

On Thu, Sep 14, 2000 at 03:17:41PM +1100, Paul Jansen wrote:
> Hi,
>
> I was just reading through
> http://www.netbsd.org/Documentation/network/netboot/nfs.html
>
> It's a diskless netbsd howto. I was looking at this
> because there doesn't seem to be a decent, up-to-date
> diskless freebsd how with step by step instructions.
> Anyway, I came across this bit:
>
> "FreeBSD
> FreeBSD doesn't support exporting individual
> directories. You need to know the mountpoint of the
> filesystem you will be exporting. This also means that
> the client will have root read/write privileges on
> that whole filesystem. For example, if you only have
> one filesystem (i.e. /), then you need to export
> everything to the client."
>
> Is this true under freeBSD 4.1R? If so it's a bit of
> a limitation isn't it?

It's never been true in any FreeBSD version I have ever used (all
since 2.2.7). You have always been able to allow directories to be
mounted. There are restrictions on how it is all done, but it's mostly
an issue of getting your /etc/exports set up right.

However, it may be true that once a directory from a filesystem is
exported, the whole filesystem may be exposed. That is, you cannot
mount the filesystem through the usual mount command, but you might be
able to craft special NFS requests to access other parts of the
filesystem. But I also believe this is not a problem unique to
FreeBSD's NFS. I think it's a fundamental NFS weakness.

(That's just from some hazy memories. Most NFS exploits do not require
that kind of skill level. It's a "barring the windows and leaving the
front door unlocked" analogy if you try to fix that issue.)
--
Crist J. Clark                           cjclark@alum.mit.edu
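
An added example, not part of the original message: a small Python audit that lists exported directories which are not themselves filesystem mount points, the case where the reply says the rest of the filesystem may be exposed. The exports text and mount table are constructed samples in FreeBSD exports(5) syntax, and the function names are hypothetical.

```python
import posixpath
from itertools import takewhile

# Constructed sample in FreeBSD exports(5) syntax; not taken from the message.
SAMPLE_EXPORTS = """\
# diskless client root, carved out of the server's / filesystem
/diskless/client1 -maproot=root 192.168.1.10
/usr/src /usr/ports -ro \\
    -network 192.168.1.0 -mask 255.255.255.0
/export/home -alldirs 192.168.1.10
"""
# Constructed mount table: mount points of the server's local filesystems.
SAMPLE_MOUNTS = ["/", "/usr", "/export/home"]


def parse_exports(text):
    """Yield the exported directories of each logical line."""
    logical = text.replace("\\\n", " ")  # join backslash continuations
    for line in logical.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        # Directories come first; options and hosts follow them.
        dirs = list(takewhile(lambda f: f.startswith("/"), fields))
        if dirs:
            yield dirs


def owning_mount(path, mountpoints):
    """Return the longest mount point that contains path."""
    path, best = posixpath.normpath(path), "/"
    for mp in map(posixpath.normpath, mountpoints):
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best = mp
    return best


def audit(text, mountpoints):
    """Return (directory, filesystem) pairs where only a subdirectory of a
    larger filesystem is exported."""
    findings = []
    for dirs in parse_exports(text):
        for d in dirs:
            fs = owning_mount(d, mountpoints)
            if posixpath.normpath(d) != fs:
                findings.append((d, fs))
    return findings


if __name__ == "__main__":
    for directory, fs in audit(SAMPLE_EXPORTS, SAMPLE_MOUNTS):
        print(f"{directory}: subdirectory export of filesystem {fs}")
```

On a real server the mount table would come from the output of mount(8), and a flagged directory is a candidate for moving onto a filesystem of its own before it is exported.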