Date: Tue, 20 Jul 2010 14:50:03 GMT
Message-Id: <201007201450.o6KEo3dA074649@freefall.freebsd.org>
To: freebsd-fs@FreeBSD.org
From: John Baldwin
Subject: Re: kern/147940: [nfs] mounting >1k TCP-NFS mounts fails

The following reply was made to PR kern/147940; it has been noted by GNATS.

From: John Baldwin
To: bug-followup@freebsd.org, rs@bytecamp.net
Subject: Re: kern/147940: [nfs] mounting >1k TCP-NFS mounts fails
Date: Tue, 20 Jul 2010 10:42:37 -0400

There are a limited number of privileged ports on a client, only 1k, and some of those ports are used for other services, so you certainly cannot mount 1k TCP NFS mounts unless you disable the privileged port check on the server.

nfs_privport=0 is not necessarily a risk if you trust all machines that are able to connect to your NFS server (e.g. you manage all the clients and the server is on a LAN or WAN and not directly connected to the Internet). Even with nfs_privport=1 you are still trusting root on any client machines, nfs_privport=0 only prevents non-root users on client machines from establishing mounts.

However, this isn't a bug, this is just the way IP works, and as a result, the way that NFS mounts work.

-N for the UDP mounts is effectively similar to having nfs_privport set to 0. I'm not sure exactly how it works (perhaps it requires the mount request to be privileged, but not the normal RPC traffic?), but that is why it is "working".

-- 
John Baldwin
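
A sketch of the kind of server-side privileged port check discussed in the message above, added here as an illustration; it is not FreeBSD's NFS server code and not part of the original message. The function names and the privport parameter are hypothetical; IPPORT_RESERVED (1024) comes from <netinet/in.h>.

```c
/* Added illustration; not FreeBSD's NFS server code. Names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

/* Source port of an IPv4/IPv6 peer, or -1 for any other address family. */
static int peer_port(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET)
        return ntohs(((const struct sockaddr_in *)sa)->sin_port);
    if (sa->sa_family == AF_INET6)
        return ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
    return -1;
}

/* privport != 0: accept only source ports below IPPORT_RESERVED (1024).
 * privport == 0: accept any valid source port. */
bool request_allowed(const struct sockaddr *sa, int privport)
{
    int port = peer_port(sa);
    if (port <= 0)
        return false;
    return !privport || port < IPPORT_RESERVED;
}

/* Apply the check to a connected socket, e.g. one returned by accept(). */
bool connection_allowed(int fd, int privport)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);
    if (getpeername(fd, (struct sockaddr *)&ss, &len) != 0)
        return false;
    return request_allowed((const struct sockaddr *)&ss, privport);
}

/* Constructed sample peer for trying the check without a network. */
struct sockaddr_storage make_peer(int family, uint16_t port)
{
    struct sockaddr_storage ss;
    memset(&ss, 0, sizeof(ss));
    ss.ss_family = family;
    if (family == AF_INET)
        ((struct sockaddr_in *)&ss)->sin_port = htons(port);
    else if (family == AF_INET6)
        ((struct sockaddr_in6 *)&ss)->sin6_port = htons(port);
    return ss;
}
```

The check looks only at the source port, so it says nothing about which host or user sent the request.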