From owner-svn-src-head@freebsd.org Sun May 14 13:21:35 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 30453D6CF9D; Sun, 14 May 2017 13:21:35 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from CAN01-TO1-obe.outbound.protection.outlook.com (mail-eopbgr670083.outbound.protection.outlook.com [40.107.67.83]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "mail.protection.outlook.com", Issuer "Microsoft IT SSL SHA2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DC746139B; Sun, 14 May 2017 13:21:34 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM (10.165.218.133) by YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM (10.165.218.133) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1084.16; Sun, 14 May 2017 13:21:31 +0000 Received: from YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM ([10.165.218.133]) by YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM ([10.165.218.133]) with mapi id 15.01.1084.026; Sun, 14 May 2017 13:21:31 +0000 From: Rick Macklem To: Bruce Evans , Rick Macklem CC: "src-committers@freebsd.org" , "svn-src-all@freebsd.org" , "svn-src-head@freebsd.org" Subject: Re: svn commit: r318262 - head/usr.sbin/mountd Thread-Topic: svn commit: r318262 - head/usr.sbin/mountd Thread-Index: AQHSzGMb0lgM+E2Muk292CpYffx7q6Hz0MV0 Date: Sun, 14 May 2017 13:21:31 +0000 Message-ID: References: <201705140038.v4E0cfLN028319@repo.freebsd.org>, <20170514132052.M1020@besplex.bde.org> In-Reply-To: <20170514132052.M1020@besplex.bde.org> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: optusnet.com.au; dkim=none (message not signed) header.d=none;optusnet.com.au; dmarc=none action=none header.from=uoguelph.ca; x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; YTXPR01MB0189; 7:CgsXGJ4P5TGehgX5zxp73W62lxBf1829LVzKOAkfKBoBvAcgLw4XRpQFfnn6EQ6khVsiDyR6Ode6MCOny9CwZ/RvWodp/ylXdN/VKNsYVp0g2251LerD6J9kbX7y5jHNPcgM6wT92DORVx6amwoVPQn1YUU8Sdni8NV6jjYWimoupwoUWTQG4KcyNBjkqiaC+r2mKGN2CSm52Nte6zwLMJnwxKALLQt9DRn01phTRyLZ3+075cXVjRy97TMqKaWatOybqr7GbB+JFGV3cDOeR+G6hHw3f/oXIV05FtcYCU11OQp+DVqNbzS/lTRmKxtnD2gnxtkWi9+27Fy2Je08GA== x-ms-office365-filtering-correlation-id: ba827066-d2f4-40a2-ae12-08d49acc2312 x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254075)(201703131423075)(201703031133081); SRVR:YTXPR01MB0189; x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:(158342451672863)(46150409022019)(96448707832919); x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040450)(2401047)(8121501046)(5005006)(93006095)(93001095)(3002001)(10201501046)(6041248)(20161123564025)(201703131423075)(201702281529075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123558100)(20161123562025)(20161123560025)(6072148); SRVR:YTXPR01MB0189; BCL:0; PCL:0; RULEID:; SRVR:YTXPR01MB0189; x-forefront-prvs: 03077579FF x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(6009001)(39840400002)(39410400002)(39400400002)(39450400003)(24454002)(377454003)(229853002)(478600001)(8676002)(6506006)(77096006)(2906002)(33656002)(55016002)(2950100002)(38730400002)(8936002)(81166006)(6436002)(6246003)(54906002)(9686003)(53936002)(50986999)(74316002)(305945005)(7696004)(102836003)(54356999)(76176999)(5660300001)(189998001)(2900100001)(86362001)(122556002)(53546009)(551544002)(25786009)(3280700002)(3660700001)(74482002)(4326008)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:YTXPR01MB0189; H:YTXPR01MB0189.CANPRD01.PROD.OUTLOOK.COM; FPR:; SPF:None; MLV:ovrnspm; PTR:InfoNoRecords; LANG:en; spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: uoguelph.ca X-MS-Exchange-CrossTenant-originalarrivaltime: 14 May 2017 13:21:31.7421 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: be62a12b-2cad-49a1-a5fa-85f4f3156a7d X-MS-Exchange-Transport-CrossTenantHeadersStamped: YTXPR01MB0189 X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 May 2017 13:21:35 -0000 Oh, and if the commit doesn't get reverted, I do plan on committing a change to the exports.5 man page. I just held off on that until the dust settles. I had expected more discussion on freebsd-current@ w.r.t. this, but after several days of no messages, I went ahead with what the two responders seemed to support. rick ________________________________________ From: Bruce Evans Sent: Saturday, May 13, 2017 11:35:00 PM To: Rick Macklem Cc: src-committers@freebsd.org; svn-src-all@freebsd.org; svn-src-head@freeb= sd.org Subject: Re: svn commit: r318262 - head/usr.sbin/mountd On Sun, 14 May 2017, Rick Macklem wrote: > Log: > Change the default uid/gid values for nobody/nogroup to 65534/65533. > > The default values found in /etc/passwd and /etc/group are 65534, 65533. > In mountd.c, the defaults were -2, which was 65534 back when uid_t was 1= 6bits. > Without this patch, a file created by root on an NFS exported volume wit= hout > the "-root=3D" export option will end up owned by uid 4**32 - 2. > When discussed on freebsd-current@, it seemed that users preferred the > values being changed to 65534/65533. I got used to 4294967294. The large number makes it easy to see files created by root on another system. I mostly use nfs without maproot, and create such files often using tmp directories to transfer files. > I have not added code to acquire these values from the databases, since > the mountd daemon might get "stuck" during startup waiting for a non-res= ponsive > password database server. > > Discussed on: freebsd-current > > Modified: > head/usr.sbin/mountd/mountd.c exports(5) is not modified, so still documents -2:-2 but not the actual value of 4294967294:4294967294. It seems dangerous to change the documente= d default. What happens if the server only supports 16-bit (or 15-bit, or 8-bit) uids? > Modified: head/usr.sbin/mountd/mountd.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/usr.sbin/mountd/mountd.c Sun May 14 00:23:27 2017 (r3= 18261) > +++ head/usr.sbin/mountd/mountd.c Sun May 14 00:38:41 2017 (r3= 18262) > @@ -230,9 +230,9 @@ static char **exnames; > static char **hosts =3D NULL; > static struct xucred def_anon =3D { > XUCRED_VERSION, > - (uid_t)-2, > + (uid_t)65534, > 1, > - { (gid_t)-2 }, > + { (gid_t)65533 }, > NULL > }; > static int force_v2 =3D 0; The casts are now bogus. They might have been needed to avoid warnings about possible sign extension bugs... > @@ -2893,8 +2893,8 @@ parsecred(char *namelist, struct xucred > /* > * Set up the unprivileged user. > */ > - cr->cr_uid =3D -2; > - cr->cr_groups[0] =3D -2; > + cr->cr_uid =3D 65534; > + cr->cr_groups[0] =3D 65533; > cr->cr_ngroups =3D 1; > /* > * Get the user's password table entry. But there were no casts here, and the warnings should be the same. Bruce