Date: Sun, 14 May 2017 13:35:00 +1000 (EST)
From: Bruce Evans
To: Rick Macklem
cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: Re: svn commit: r318262 - head/usr.sbin/mountd

On Sun, 14 May 2017, Rick Macklem wrote:

> Log:
> Change the default uid/gid values for nobody/nogroup to 65534/65533.
>
> The default values found in /etc/passwd and /etc/group are 65534, 65533.
> In mountd.c, the defaults were -2, which was 65534 back when uid_t was 16bits.
> Without this patch, a file created by root on an NFS exported volume without
> the "-root=" export option will end up owned by uid 4**32 - 2.
> When discussed on freebsd-current@, it seemed that users preferred the
> values being changed to 65534/65533.

I got used to 4294967294. The large number makes it easy to see files
created by root on another system. I mostly use nfs without maproot, and
create such files often using tmp directories to transfer files.

> I have not added code to acquire these values from the databases, since
> the mountd daemon might get "stuck" during startup waiting for a non-responsive
> password database server.
> > Discussed on: freebsd-current > > Modified: > head/usr.sbin/mountd/mountd.c exports(5) is not modified, so still documents -2:-2 but not the actual value of 4294967294:4294967294. It seems dangerous to change the documented default. What happens if the server only supports 16-bit (or 15-bit, or 8-bit) uids? > Modified: head/usr.sbin/mountd/mountd.c > ============================================================================== > --- head/usr.sbin/mountd/mountd.c Sun May 14 00:23:27 2017 (r318261) > +++ head/usr.sbin/mountd/mountd.c Sun May 14 00:38:41 2017 (r318262) > @@ -230,9 +230,9 @@ static char **exnames; > static char **hosts = NULL; > static struct xucred def_anon = { > XUCRED_VERSION, > - (uid_t)-2, > + (uid_t)65534, > 1, > - { (gid_t)-2 }, > + { (gid_t)65533 }, > NULL > }; > static int force_v2 = 0; The casts are now bogus. They might have been needed to avoid warnings about possible sign extension bugs... > @@ -2893,8 +2893,8 @@ parsecred(char *namelist, struct xucred > /* > * Set up the unprivileged user. > */ > - cr->cr_uid = -2; > - cr->cr_groups[0] = -2; > + cr->cr_uid = 65534; > + cr->cr_groups[0] = 65533; > cr->cr_ngroups = 1; > /* > * Get the user's password table entry. But there were no casts here, and the warnings should be the same. Bruce
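Review bot: In the def_anon initializer (hunk at -230,9), the literals 65534 and 65533 carry no comment tying them to the nobody and nogroup entries that the log says are in /etc/passwd and /etc/group, so a reader of the struct cannot tell why the uid and gid now differ where both used to be -2. A named constant for each, with a one-line comment giving that origin, would document the choice. The (uid_t) and (gid_t) casts can be dropped in the same change, since the initializers are now plain non-negative constants.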
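Review bot: In parsecred() (hunk at -2893,8), the assignments to cr->cr_uid and cr->cr_groups[0] repeat the same two literals that the def_anon initializer uses, so the two defaults can drift apart the next time one of them is edited. Taking both from one place, either shared constants or the def_anon fields, would keep the unprivileged credential identical in both paths. The "Set up the unprivileged user" comment could also name which user and group the numbers stand for.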