| Message ID | 1606949804-31417-2-git-send-email-bfields@fieldses.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [1/2] mountd: allow high ports on all pseudofs exports | expand |
On Wed, 2020-12-02 at 17:56 -0500, J. Bruce Fields wrote: > From: "J. Bruce Fields" <bfields@redhat.com> > > As with security flavors and "secure" ports, we tried to code this so > that pseudofs directories would inherit root squashing from their > children, but it doesn't really work as coded and I'm not sure it's > useful. > > Just root squash always. If it turns out somebody's exporting > directories that are only readable by root, I guess we can try to do > something else here, but frankly that sounds like a pretty weird > configuration. > > Signed-off-by: J. Bruce Fields <bfields@redhat.com> > --- > utils/mountd/v4root.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c > index 2ac4e87898c0..36543401f296 100644 > --- a/utils/mountd/v4root.c > +++ b/utils/mountd/v4root.c > @@ -60,8 +60,6 @@ set_pseudofs_security(struct exportent *pseudo, int > flags) > struct flav_info *flav; > int i; > > - if ((flags & NFSEXP_ROOTSQUASH) == 0) > - pseudo->e_flags &= ~NFSEXP_ROOTSQUASH; > for (flav = flav_map; flav < flav_map + flav_map_size; > flav++) { > struct sec_entry *new; > Hmm... What is the harm in allowing root to be unsquashed here? Isn't this really all about respecting lookup permissions, or could a user actually modify something in the pseudofs? If the latter, then that sounds like a bug (the pseudofs should always be read-only). The consequence of not being able to look up a directory in the pseudofs is that the NFSv4 client will be completely unable to mount that subtree, so squashing root could make a major difference.
On Thu, Dec 03, 2020 at 12:54:53AM +0000, Trond Myklebust wrote: > On Wed, 2020-12-02 at 17:56 -0500, J. Bruce Fields wrote: > > From: "J. Bruce Fields" <bfields@redhat.com> > > > > As with security flavors and "secure" ports, we tried to code this so > > that pseudofs directories would inherit root squashing from their > > children, but it doesn't really work as coded and I'm not sure it's > > useful. > > > > Just root squash always. If it turns out somebody's exporting > > directories that are only readable by root, I guess we can try to do > > something else here, but frankly that sounds like a pretty weird > > configuration. > > > > Signed-off-by: J. Bruce Fields <bfields@redhat.com> > > --- > > utils/mountd/v4root.c | 2 -- > > 1 file changed, 2 deletions(-) > > > > diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c > > index 2ac4e87898c0..36543401f296 100644 > > --- a/utils/mountd/v4root.c > > +++ b/utils/mountd/v4root.c > > @@ -60,8 +60,6 @@ set_pseudofs_security(struct exportent *pseudo, int > > flags) > > struct flav_info *flav; > > int i; > > > > - if ((flags & NFSEXP_ROOTSQUASH) == 0) > > - pseudo->e_flags &= ~NFSEXP_ROOTSQUASH; > > for (flav = flav_map; flav < flav_map + flav_map_size; > > flav++) { > > struct sec_entry *new; > > > > Hmm... What is the harm in allowing root to be unsquashed here? Isn't > this really all about respecting lookup permissions, or could a user > actually modify something in the pseudofs? If the latter, then that > sounds like a bug (the pseudofs should always be read-only). Yeah, it should only be read-only. > The consequence of not being able to look up a directory in the > pseudofs is that the NFSv4 client will be completely unable to mount > that subtree, so squashing root could make a major difference. Fair enough, I'll resend. --b.
diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c index 2ac4e87898c0..36543401f296 100644 --- a/utils/mountd/v4root.c +++ b/utils/mountd/v4root.c @@ -60,8 +60,6 @@ set_pseudofs_security(struct exportent *pseudo, int flags) struct flav_info *flav; int i; - if ((flags & NFSEXP_ROOTSQUASH) == 0) - pseudo->e_flags &= ~NFSEXP_ROOTSQUASH; for (flav = flav_map; flav < flav_map + flav_map_size; flav++) { struct sec_entry *new;