Date: Fri, 20 Jun 2014 20:59:53 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 191218] mountd: can't change attributes for XXXXXXX: Invalid radix node head, rn: 0 0xXXXXXXXXXXXXXXX; can still mount path
Message-ID: <bug-191218-8-HID2UVzqVe@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-191218-8@https.bugs.freebsd.org/bugzilla/>
References: <bug-191218-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191218

--- Comment #5 from yaneurabeya@gmail.com ---
(In reply to Xin LI from comment #4)
> (In reply to yaneurabeya from comment #3)
> > (In reply to Xin LI from comment #2)
> > > Exporting subdirectories of a mountpoint is problematic and this is a well
> > > known limitation of the protocol. I don't consider this as a security issue
> > > because the administrator is supposed to know what they are doing.
> >
> > The security concern was over the fact that mountd is clearly reporting an
> > error in the code, but hiding the fact that it's actually an error; unless
> > the administrator is looking for errors from mountd, they have absolutely
> > _no_ idea that the path is actually exported.
>
> mountd have (correctly) reported that it was unable to change the export
> attributes, we could, of course, use better error message, but if the
> administrator chooses to ignore error messages, there is nothing we can do
> with it.
>
> Also, exporting subdirectories just plain doesn't work because the NFS
> client can still request anything in the mountpoint. Properly implemented
> client does not allow it but an attacker do not have to use a properly
> implemented one. This is well known and relying on this security model is
> just plain wrong.

I forgot to include the fact that localhost:/tmp/bar was mounted to /mnt; this
was implied in my reproduction steps.

/tmp/foo and /tmp/bar are two distinct paths. Why is /tmp/foo being exported if
it's not showing up in showmount -e?

Yes, I know that I've been playing in Linux for a little too long (9 months),
and looking back I'm not using the prescribed syntax for exports(5), but I
expected the code to not export /tmp/bar and it did.

(posing the question differently) As a sysadmin/support engineer, how could I
understand that mountd has actually exported the directory if the tools that
should be doing this (showmount -e) don't print out anything meaningful?

-- 
You are receiving this mail because:
You are the assignee for the bug.