From owner-svn-src-head@freebsd.org Sun May 14 00:38:43 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1A9F1D61781; Sun, 14 May 2017 00:38:43 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DE57B12FE; Sun, 14 May 2017 00:38:42 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v4E0cfnE028320; Sun, 14 May 2017 00:38:41 GMT (envelope-from rmacklem@FreeBSD.org) Received: (from rmacklem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v4E0cfLN028319; Sun, 14 May 2017 00:38:41 GMT (envelope-from rmacklem@FreeBSD.org) Message-Id: <201705140038.v4E0cfLN028319@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to rmacklem@FreeBSD.org using -f From: Rick Macklem Date: Sun, 14 May 2017 00:38:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r318262 - head/usr.sbin/mountd X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 May 2017 00:38:43 -0000 Author: rmacklem Date: Sun May 14 00:38:41 2017 New Revision: 318262 URL: https://svnweb.freebsd.org/changeset/base/318262 Log: Change the default uid/gid values for nobody/nogroup to 65534/65533. The default values found in /etc/passwd and /etc/group are 65534, 65533. In mountd.c, the defaults were -2, which was 65534 back when uid_t was 16bits. Without this patch, a file created by root on an NFS exported volume without the "-root=" export option will end up owned by uid 4**32 - 2. When discussed on freebsd-current@, it seemed that users preferred the values being changed to 65534/65533. I have not added code to acquire these values from the databases, since the mountd daemon might get "stuck" during startup waiting for a non-responsive password database server. Discussed on: freebsd-current Modified: head/usr.sbin/mountd/mountd.c Modified: head/usr.sbin/mountd/mountd.c ============================================================================== --- head/usr.sbin/mountd/mountd.c Sun May 14 00:23:27 2017 (r318261) +++ head/usr.sbin/mountd/mountd.c Sun May 14 00:38:41 2017 (r318262) @@ -230,9 +230,9 @@ static char **exnames; static char **hosts = NULL; static struct xucred def_anon = { XUCRED_VERSION, - (uid_t)-2, + (uid_t)65534, 1, - { (gid_t)-2 }, + { (gid_t)65533 }, NULL }; static int force_v2 = 0; @@ -2893,8 +2893,8 @@ parsecred(char *namelist, struct xucred /* * Set up the unprivileged user. */ - cr->cr_uid = -2; - cr->cr_groups[0] = -2; + cr->cr_uid = 65534; + cr->cr_groups[0] = 65533; cr->cr_ngroups = 1; /* * Get the user's password table entry.