From owner-freebsd-current@freebsd.org  Wed Dec 19 01:06:03 2018
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 38A49134532D
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Wed, 19 Dec 2018 01:06:03 +0000 (UTC)
 (envelope-from rmacklem@uoguelph.ca)
Received: from CAN01-TO1-obe.outbound.protection.outlook.com
 (mail-eopbgr670046.outbound.protection.outlook.com [40.107.67.46])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits))
 (Client CN "mail.protection.outlook.com",
 Issuer "GlobalSign Organization Validation CA - SHA256 - G3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 680458FE58
 for <freebsd-current@FreeBSD.org>; Wed, 19 Dec 2018 01:06:01 +0000 (UTC)
 (envelope-from rmacklem@uoguelph.ca)
Received: from YTOPR01MB0395.CANPRD01.PROD.OUTLOOK.COM (10.166.150.143) by
 YTOPR01MB0218.CANPRD01.PROD.OUTLOOK.COM (10.166.151.14) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.1425.19; Wed, 19 Dec 2018 01:05:59 +0000
Received: from YTOPR01MB0395.CANPRD01.PROD.OUTLOOK.COM
 ([fe80::cdca:7b49:ceab:91f]) by YTOPR01MB0395.CANPRD01.PROD.OUTLOOK.COM
 ([fe80::cdca:7b49:ceab:91f%3]) with mapi id 15.20.1425.023; Wed, 19 Dec 2018
 01:05:59 +0000
From: Rick Macklem <rmacklem@uoguelph.ca>
To: "freebsd-current@FreeBSD.org" <freebsd-current@FreeBSD.org>
Subject: possible POLA violation for NFS server to make it Linux compatible
Thread-Topic: possible POLA violation for NFS server to make it Linux
 compatible
Thread-Index: AQHUlzZLCZ8Tsqd2GkKmM/wWP+MyUQ==
Date: Wed, 19 Dec 2018 01:05:59 +0000
Message-ID: <YTOPR01MB039500BCA166BE8D21E2C6E1DDBE0@YTOPR01MB0395.CANPRD01.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-publictraffictype: Email
x-microsoft-exchange-diagnostics: 1; YTOPR01MB0218;
 6:Tp1rqKt9QOV7mrqpRio4SeaJm/sTcqaOg9K0Tvt2k1u7eltkwXe7mwJNUAbHBUiG6/3ly9upDVdmfZ548LqC9Wl4l9EJmgIyBihK5i7JDhKDR+RIMLjK+BjveGLArAJVNJCgbj3CqEshoOsX3hJKhqT1QleXZJZEJVZXhlxIXnLaDthykjqVJWos5Fg9t7jQ2Jmnoa1jHzBMLd00ziDgLCTWm02A6ypmATCRIna01GQj4JeEmbHIjPqtj9mn/O54TwLCUIPwqGhsFHMmlVg3PB1StSz8TLOqXeQdxqqmrbFSMUygrlvHtRa3kDzI+DFe0Cz71tLSTkB9UNG/+gpkpJowShicGayCCpBQ4ObMrdQh2B/AuDZRx71HleF3hNe8Io4szllspnvgYlUK/US4annBnKLdTS0dWs/3qT6na+aztySUjiMLFsLDYAneLTzhdH71ABcX71YWNNe/AT49bQ==;
 5:8nr6JIS4KKIKYHwvFVe2UIHpL4XrAht86ArGBSKLFlv0Evj/IvW6OHqqqxyHt6AQD3oQ/6wBNT38PPi8DlCzxHFqE++91js0yzeXRA0025EN5gg8UkRAt1hY7WrTD9p9nB/XSBLdMUudkEAGjM8A7NRhD1DeuP/fzd0U8A1mMFo=;
 7:Sp5q3bCZYXk/Jyz4D7ZIr5WhfOsfgXqM6s4NHjYoyMbEnbxi1z2EDYSBCETjx4Lgac/Kp6TVyANCR8mS99aGiyXm3jjSsed6U9JQZJ60iwQW7ZrzU/2fmRLoTC9aKfJNh74+kmP+6sr1ZEaIx+liRg==
x-ms-exchange-antispam-srfa-diagnostics: SOS;
x-ms-office365-filtering-correlation-id: d53764e1-68cc-4bd8-e68b-08d6654e239b
x-microsoft-antispam: BCL:0; PCL:0;
 RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600074)(711020)(2017052603328)(7153060)(7193020);
 SRVR:YTOPR01MB0218; 
x-ms-traffictypediagnostic: YTOPR01MB0218:
x-microsoft-antispam-prvs: <YTOPR01MB021847ACAD9F1DF7BBA8E962DDBE0@YTOPR01MB0218.CANPRD01.PROD.OUTLOOK.COM>
x-ms-exchange-senderadcheck: 1
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0;
 RULEID:(3230021)(999002)(6040522)(2401047)(5005006)(8121501046)(3231475)(944501520)(52105112)(93006095)(93001095)(10201501046)(3002001)(148016)(149066)(150057)(6041310)(20161123562045)(20161123564045)(20161123560045)(20161123558120)(201703131423095)(201702281529075)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095);
 SRVR:YTOPR01MB0218; BCL:0; PCL:0; RULEID:; SRVR:YTOPR01MB0218; 
x-forefront-prvs: 0891BC3F3D
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(346002)(39860400002)(396003)(136003)(366004)(376002)(189003)(199004)(33656002)(6436002)(5640700003)(74316002)(25786009)(2501003)(6916009)(68736007)(305945005)(46003)(9686003)(71190400001)(71200400001)(8936002)(55016002)(2906002)(2351001)(8676002)(7696005)(97736004)(81156014)(81166006)(53936002)(786003)(486006)(102836004)(6506007)(316002)(478600001)(105586002)(5660300001)(186003)(476003)(14454004)(86362001)(74482002)(99286004)(256004)(106356001)(14444005);
 DIR:OUT; SFP:1101; SCL:1; SRVR:YTOPR01MB0218;
 H:YTOPR01MB0395.CANPRD01.PROD.OUTLOOK.COM; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: uoguelph.ca does not designate
 permitted sender hosts)
x-microsoft-antispam-message-info: Qk90QdeWZvD+Vlay8Qp0o+7gBerlJyqUx37upNH2okMCt8L5JvAIhD+hLsgTqipupGVrNNXIL10GIhdlACRjohsaMJ8/mwO0P6SXDJd9gmy7vOIE5oDuoAJN7RFNcgy1i97C97Eoeabjz/0AH9coOQIBrJFqTF9xikz8wUIrUy51RdGcdCWRbZ7syCcZ24UtgLj4EkMEB+zQz+PvyATrPHdBsHj4KCw8bpAMTeSGFCHdSWgUiYuRdszI2b1LeIMqEhhzU3uGY/8XmGRKHBKlZ3lVUv5qRHTylM/fWLlfzf1ayKGzhKasFW+BA9who+hu
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: uoguelph.ca
X-MS-Exchange-CrossTenant-Network-Message-Id: d53764e1-68cc-4bd8-e68b-08d6654e239b
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Dec 2018 01:05:59.8152 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: be62a12b-2cad-49a1-a5fa-85f4f3156a7d
X-MS-Exchange-Transport-CrossTenantHeadersStamped: YTOPR01MB0218
X-Rspamd-Queue-Id: 680458FE58
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
 spf=pass (mx1.freebsd.org: domain of rmacklem@uoguelph.ca designates
 40.107.67.46 as permitted sender) smtp.mailfrom=rmacklem@uoguelph.ca
X-Spamd-Result: default: False [-3.70 / 15.00];
 R_SPF_ALLOW(-0.20)[+ip4:40.107.0.0/17];
 RCVD_COUNT_THREE(0.00)[3];
 MX_GOOD(-0.01)[mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com,mx2.hc184-76.ca.iphmx.com,mx1.hc184-76.ca.iphmx.com];
 NEURAL_HAM_SHORT(-0.59)[-0.589,0]; FROM_EQ_ENVFROM(0.00)[];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:8075, ipnet:40.64.0.0/10, country:US];
 RCVD_TLS_LAST(0.00)[]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-0.995,0]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-0.996,0];
 MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[uoguelph.ca];
 RCPT_COUNT_ONE(0.00)[1];
 IP_SCORE(-0.81)[ipnet: 40.64.0.0/10(-1.97), asn: 8075(-2.02), country:
 US(-0.08)]; 
 RCVD_IN_DNSWL_NONE(0.00)[46.67.107.40.list.dnswl.org : 127.0.3.0];
 TO_DN_EQ_ADDR_ALL(0.00)[]
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Dec 2018 01:06:03 -0000

It was my understanding that the NFSv4 working group believed that the requ=
irement
for the NFSv4 client to use a priviledged port# (< 1024) should not exist.
As such, I coded the server to ignore the vfs.nfsd.nfs_privport sysctl and =
allow the
mount for NFSv4.

PR#234106 has reported this as a compatibility issue w.r.t. the Linux NFS s=
erver.

The change to make the FreeBSD NFSv4 server use vfs.nfsd.nfs_privport is tr=
ivial
and I think being compatible with Linux is important (I see it as the defac=
to
standard NFS implementation these days).

However, I am concerned that this change will result in a slight POLA viola=
tion
for sites with vfs.nfsd.nfs_privport set, but doing NFSv4 mounts that might=
 now fail.
What do others think I should do?

rick