Date: Thu, 28 Nov 2024 07:04:10 -0800 From: Rick Macklem <rick.macklem@gmail.com> To: Bob Bishop <rb@gid.co.uk> Cc: FreeBSD CURRENT <freebsd-current@freebsd.org>, Michael Proto <mike@jellydonut.org> Subject: Re: RFC: fixing PR#282995 Message-ID: <CAM5tNy6t_nb4pPTr1N=0%2B7jh6PHDuRz2V%2BJm575TCFpZhjje0A@mail.gmail.com> In-Reply-To: <F949CCDA-D424-4F83-9A0A-EE8ED7C54A10@gid.co.uk> References: <CAM5tNy4YHAPUgZddok1U3Oz3vFB26-FC5M6Ocwx7bZhWm%2BUX4Q@mail.gmail.com> <F949CCDA-D424-4F83-9A0A-EE8ED7C54A10@gid.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Nov 28, 2024 at 4:36=E2=80=AFAM Bob Bishop <rb@gid.co.uk> wrote:
>
> Hi,
>
> > On 27 Nov 2024, at 21:56, Rick Macklem <rick.macklem@gmail.com> wrote:
> >
> > Hi,
> >
> > PR#282995 reports that the "-alldirs" export option is broken,
> > since it allows an export where the directory path is not a mount point=
.
> >
> > I'll admit I did not recall this semantic for -alldirs and I now see it=
is only
> > documented in the "Examples" section of exports(5).
> >
> > Looking at the code, it appears this was broken between releng1 and
> > releng2.0 (about 30years ago) when the call to mount(2) in mountd.c
> > was changed from using the path in the exports line to using f_mntonnam=
e.
> > (The check for "it is a mount point" depended on mount(2) failing becau=
se
> > the path was not a mount point.)
> >
> > I do believe the semantic is a useful one,
>
> Why?
Suppose /cdrom is where a CD is mounted sometimes.
If this is exported when the CD is not mounted, it will export
the "/" file system.
--> This export is probably not what the sysadmin wanted.
mountd does now generate a warning about this, which
was how the exporter spotted the bug.
For example (the line in /etc/exports):
/cdrom -alldirs
will export "/" to "the world" if /cdrom is not mounted.
The example in the exports(5) man page claims the export
line will fail, so "/" would not be exported. This seems like
a better semantic to me.
rick
>
> > although making it that way
> > after 30years might be construed as a POLA violation?
> >
> > So, what do others think I should do with this?
> > (A) - Patch mountd to enforce the "must be a mount point when -alldirs
> > is specified, plus update exports(5) to state this semantic clea=
rly.
> > or
> > (B) - Patch mountd so that it enforces "must be a mount point when -all=
dirs
> > is specified, but only enabled via a new mountd command line opt=
ion.
> > --> ie. Leave the default as not enforced, but allow enforcement=
based
> > on a new mountd option.
> > - Document this in both exports(5) and mountd(8).
> > or
> > ???
>
> (C) - Patch mountd so that it enforces "must be a mount point when -alldi=
rs
> is specified, but provide a new mountd command line option to rest=
ore the old behaviour.
> --> ie. Default as enforced, but allow an override based on a new=
mountd option.
> - Document this in both exports(5) and mountd(8).
>
> I think that (A) is too POLA-unfriendly.
>
> > Thanks in advance for your comments, rick
> >
>
> --
> Bob Bishop
> rb@gid.co.uk
>
>
>
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAM5tNy6t_nb4pPTr1N=0%2B7jh6PHDuRz2V%2BJm575TCFpZhjje0A>