Date: Thu, 24 May 2012 14:47:02 +0300 From: Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua> To: freebsd-fs@freebsd.org Subject: NLM uses AUTH_SYS ignoring sec option in mount_nfs Message-ID: <20120524114702.GA38087@pm513-1.comsys.ntu-kpi.kiev.ua>
next in thread | raw e-mail | index | archive | help
Hello, Looks like that NLM always uses AUTH_SYS even if a client specified another security flavor in the mount_nfs's "sec" option. Also NLM on the server does not verify that NLM client's security flavor is allowed by NFS exported file system, security flavors array from VFS_CHECKEXP() is ignored in nlm/nlm_prot_impl.c:nlm_get_vfs_state(). Such behaviour of NLM I see on 10-CURRENT, I added log messages to the kernel to see security flavors used by NFSv3 and NLM requests. Both NFS client and server are on the same system, NFSv3 mounts are from unprivileged users. According to [1] NLMv4 allows to use different security flavors. Can somebody comment such behaviour of NLM? [1] http://pubs.opengroup.org/onlinepubs/9629799/chap14.htm
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120524114702.GA38087>