Date: Sun, 14 May 2017 13:35:00 +1000 (EST) From: Bruce Evans <brde@optusnet.com.au> To: Rick Macklem <rmacklem@freebsd.org> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r318262 - head/usr.sbin/mountd Message-ID: <20170514132052.M1020@besplex.bde.org> In-Reply-To: <201705140038.v4E0cfLN028319@repo.freebsd.org> References: <201705140038.v4E0cfLN028319@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 14 May 2017, Rick Macklem wrote:
> Log:
> Change the default uid/gid values for nobody/nogroup to 65534/65533.
>
> The default values found in /etc/passwd and /etc/group are 65534, 65533.
> In mountd.c, the defaults were -2, which was 65534 back when uid_t was 16bits.
> Without this patch, a file created by root on an NFS exported volume without
> the "-root=" export option will end up owned by uid 4**32 - 2.
> When discussed on freebsd-current@, it seemed that users preferred the
> values being changed to 65534/65533.
I got used to 4294967294. The large number makes it easy to see files
created by root on another system. I mostly use nfs without maproot, and
create such files often using tmp directories to transfer files.
> I have not added code to acquire these values from the databases, since
> the mountd daemon might get "stuck" during startup waiting for a non-responsive
> password database server.
>
> Discussed on: freebsd-current
>
> Modified:
> head/usr.sbin/mountd/mountd.c
exports(5) is not modified, so still documents -2:-2 but not the actual
value of 4294967294:4294967294. It seems dangerous to change the documented
default.
What happens if the server only supports 16-bit (or 15-bit, or 8-bit) uids?
> Modified: head/usr.sbin/mountd/mountd.c
> ==============================================================================
> --- head/usr.sbin/mountd/mountd.c Sun May 14 00:23:27 2017 (r318261)
> +++ head/usr.sbin/mountd/mountd.c Sun May 14 00:38:41 2017 (r318262)
> @@ -230,9 +230,9 @@ static char **exnames;
> static char **hosts = NULL;
> static struct xucred def_anon = {
> XUCRED_VERSION,
> - (uid_t)-2,
> + (uid_t)65534,
> 1,
> - { (gid_t)-2 },
> + { (gid_t)65533 },
> NULL
> };
> static int force_v2 = 0;
The casts are now bogus. They might have been needed to avoid warnings
about possible sign extension bugs...
> @@ -2893,8 +2893,8 @@ parsecred(char *namelist, struct xucred
> /*
> * Set up the unprivileged user.
> */
> - cr->cr_uid = -2;
> - cr->cr_groups[0] = -2;
> + cr->cr_uid = 65534;
> + cr->cr_groups[0] = 65533;
> cr->cr_ngroups = 1;
> /*
> * Get the user's password table entry.
But there were no casts here, and the warnings should be the same.
Bruce
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170514132052.M1020>