From owner-freebsd-hackers Mon Mar 27 11:24:19 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id LAA00310 for hackers-outgoing; Mon, 27 Mar 1995 11:24:19 -0800
Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id LAA00300 for ; Mon, 27 Mar 1995 11:24:03 -0800
Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.8/8.6.6) id KAA14556; Mon, 27 Mar 1995 10:43:48 -0800
From: "Rodney W. Grimes"
Message-Id: <199503271843.KAA14556@gndrsh.aac.dev.com>
Subject: Re: mountd strangeness
To: wpaul@skynet.ctr.columbia.edu (House of Debuggin')
Date: Mon, 27 Mar 1995 10:43:47 -0800 (PST)
Cc: taob@aries.ibms.sinica.edu.tw, freebsd-hackers@FreeBSD.org
In-Reply-To: <199503271427.JAA00666@skynet.ctr.columbia.edu> from "House of Debuggin'" at Mar 27, 95 09:27:20 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 1920
Sender: hackers-owner@FreeBSD.org
Precedence: bulk

>
> They say this Brian Tao person was kidding when he wrote:
> >
> > On Mon, 27 Mar 1995, Wankle Rotary Engine wrote:
> > >
> > > /sbin -ro host1 host2 host3
> > > /etc/ppp -ro host1
> > > /etc/mtree -ro host3
> >
> > Have you tried:
> >
> > /sbin /etc/ppp -ro host1
> > /sbin -ro host2
> > /sbin /etc/mtree -ro host3
...
>
> So far, the only other person to comment on this was Rod Grimes, who
> tantalized me with all of two sentences that indicated that it works
> this way for security reasons, and then declined to go into detail.
> (Frankly, I'm embarrassed: I keep thinking that somehow I'm supposed to
> find Divine Enlightenment (tm) in what he told me, and instead I feel
> about as enlightened as a broken light bulb. :)

From the man page BUGS section:

     The export options are tied to the local mount points in the kernel and
     must be non-contradictory for any exported subdirectory of the local
     server mount point.
     ...

Since the export options are tied to local mount points, if you stop
returning the EPERM and start to modify the stored table you in effect
will be allowing more access than you thought you were.

To do what you want to do will require major surgery of the way the kernel
stores and associates this information, not some quick hack to return
different values. The information could no longer be attached to local
mount points but instead would have its own table or list of exported
directories.

You also have to be very careful about the top of the exported directories
so that some client can't try to go above the file system by using the ..
entry if you have this new table that allows subdirs to be exported with
different permissions to different hosts. I have seen this bug in a few
NFS implementations.

--
Rod Grimes                                      rgrimes@gndrsh.aac.dev.com
Accurate Automation Company                   Custom computers for FreeBSD
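
The following is an added example, not part of the original message and not mountd's own code: it collapses an exports file to the per-mount-point view described above, reports any host given contradictory options on one local filesystem, and regroups the thread's three lines into the one-line-per-host form that was suggested. Assumptions: the caller supplies the list of local mount points, the syntax is simplified to directories, dash-prefixed options and plain host names, and all function names are hypothetical.

```python
from collections import defaultdict

# Constructed input: the three lines quoted in the thread.
THREAD_EXPORTS = """\
/sbin -ro host1 host2 host3
/etc/ppp -ro host1
/etc/mtree -ro host3
"""
# Constructed input: same host, same filesystem, different options.
CONFLICTING = "/sbin -ro host1\n/etc/ppp host1\n"

def mount_point_of(path, mount_points):
    """Longest mount point containing `path` (assumes "/" is always mounted)."""
    best = "/"
    for mp in mount_points:
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) > len(best):
            best = mp
    return best

def parse_exports(text):
    """Yield (dirs, options, hosts) for each line of the simplified syntax."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield ([f for f in fields if f.startswith("/")],
                   frozenset(f for f in fields if f.startswith("-")),
                   [f for f in fields if f[0] not in "/-"])

def per_mount_view(text, mount_points):
    """Map (mount point, host, options) -> exported dirs, in file order."""
    view = defaultdict(list)
    for dirs, opts, hosts in parse_exports(text):
        for d in dirs:
            for h in hosts:
                key = (mount_point_of(d, mount_points), h, opts)
                if d not in view[key]:
                    view[key].append(d)
    return view

def contradictions(text, mount_points):
    """(mount point, host) pairs that were given more than one option set."""
    seen = defaultdict(set)
    for mp, host, opts in per_mount_view(text, mount_points):
        seen[(mp, host)].add(opts)
    return sorted(k for k, v in seen.items() if len(v) > 1)

def regroup(text, mount_points):
    """Rewrite as one line per (filesystem, host), as suggested in the thread."""
    view = per_mount_view(text, mount_points)
    return [" ".join(dirs + sorted(opts) + [host])
            for (_, host, opts), dirs in view.items()]
```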