Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 10 Jul 2016 09:44:08 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 210957] [PATCH] reject /etc/exports lines where the first field(s) end with a /
Message-ID:  <bug-210957-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D210957

            Bug ID: 210957
           Summary: [PATCH] reject /etc/exports lines where the first
                    field(s) end with a /
           Product: Base System
           Version: 10.3-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: dereks@lifeofadishwasher.com
          Keywords: patch

Created attachment 172306
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D172306&action=
=3Dedit
reject FS fields that end with a / update exports man page

If the last character in the file system fields (the first set of fields) f=
rom
/etc/exports ends with a / (other than root) then the exported nfs file sys=
tem
can't be mounted on a remote system.

mountd(8) happily accepts lines from /etc/exports if the last character in =
the
file system fields is /.  Other than / itself are there any valid cases whe=
re
the fs field should/can end with a /?

NFS Server(nfssrv):
# cat /etc/exports=20
/mnt/backups/isos -ro -mapall=3Dnobody -network 10.....

NFS Client(nfscli):
$ sudo mount nfssrv:/mnt/backups/isos/  /tmp/
mount_nfs: can't mount /mnt/backups/isos/ from nfssrv onto /private/tmp:
Permission denied

NFS Server rejecting a line with a FS ending with a /:
..... mountd[66457]: bad exports list line /mnt/backups/isos/

With patch mountd

NFS Server from /var/log/messages:
........ mountd[17841]: mount request denied from nfscli for /mnt/backups/i=
sos


Removing the / fixes the issue.

See the attached patch to update mountd.c:check_dirpath to reject lines and
exports.5 explaining file system fields shouldn't end with / other than roo=
t.

I have only tested the patch with 10.3-RELEASE (nfs server) and Mac OS X
(client).  It seems this isn't a client issue (same problem with Linux NFS
clients) based off other forum posts.

Also, it appears the patch should apply to (10|11)-STABLE and CURRENT.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-210957-8>