[Bug 210957] [PATCH] reject /etc/exports lines where the first field(s) end with a /

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Jul 10 09:44:09 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=210957

            Bug ID: 210957
           Summary: [PATCH] reject /etc/exports lines where the first
                    field(s) end with a /
           Product: Base System
           Version: 10.3-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: dereks at lifeofadishwasher.com
          Keywords: patch

Created attachment 172306
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=172306&action=edit
reject FS fields that end with a / update exports man page

If the last character in the file system fields (the first set of fields) from
/etc/exports ends with a / (other than root) then the exported nfs file system
can't be mounted on a remote system.

mountd(8) happily accepts lines from /etc/exports if the last character in the
file system fields is /.  Other than / itself are there any valid cases where
the fs field should/can end with a /?

NFS Server(nfssrv):
# cat /etc/exports 
/mnt/backups/isos -ro -mapall=nobody -network 10.....

NFS Client(nfscli):
$ sudo mount nfssrv:/mnt/backups/isos/  /tmp/
mount_nfs: can't mount /mnt/backups/isos/ from nfssrv onto /private/tmp:
Permission denied

NFS Server rejecting a line with a FS ending with a /:
..... mountd[66457]: bad exports list line /mnt/backups/isos/

With patch mountd

NFS Server from /var/log/messages:
........ mountd[17841]: mount request denied from nfscli for /mnt/backups/isos


Removing the / fixes the issue.

See the attached patch to update mountd.c:check_dirpath to reject lines and
exports.5 explaining file system fields shouldn't end with / other than root.

I have only tested the patch with 10.3-RELEASE (nfs server) and Mac OS X
(client).  It seems this isn't a client issue (same problem with Linux NFS
clients) based off other forum posts.

Also, it appears the patch should apply to (10|11)-STABLE and CURRENT.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list