On Sat, Aug 23, 2014 at 05:30:55AM -0700, Julian Hsiao wrote:
> Hi,
> 
> In the man page for mountd(8), it states that with the "-n" option it
> would "...not require that clients make mount requests from reserved
> ports."  However, you still can't connect from non-reserved ports
> because nfsrv_fhtovp() rejects said connections anyway.  Some work was
> done back in 2006 to support this, but it got reverted a day later
> because it "broke a few architectures".
> 
> Given that there haven't been attempts to fix issues in the original
> patch--that I could tell; I'm not very familiar with the source nor
> CVS--I propose that the "-n" option be removed from mountd(8) and
> its man page, and instead document that connecting from non-reserved
> ports is not supported, akin to how mount_nfs(8)'s man page mentions
> that the "-P" option is absent because "[in] OpenBSD, a reserved port is
> always used."
> 
> --
> Julian Hsiao
> [email protected]
> 

ok?
jmc

Index: mountd.8
===================================================================
RCS file: /cvs/src/sbin/mountd/mountd.8,v
retrieving revision 1.17
diff -u -r1.17 mountd.8
--- mountd.8    19 Jan 2014 10:39:00 -0000      1.17
+++ mountd.8    23 Aug 2014 17:47:37 -0000
@@ -38,7 +38,7 @@
 .Nd service remote NFS mount requests
 .Sh SYNOPSIS
 .Nm mountd
-.Op Fl dn
+.Op Fl d
 .Op Ar exportsfile
 .Sh DESCRIPTION
 .Nm
@@ -58,14 +58,6 @@
 .Nm
 will not detach from the controlling terminal and will print
 debugging messages to stderr.
-.It Fl n
-Do not require that clients make mount requests from reserved ports.
-(Normally, only mount requests from reserved ports are accepted.)
-This option should only be specified if there are clients, such as PCs,
-that need it.
-The use of
-.Fl n
-is STRONGLY discouraged, as it opens up a wide range of security problems.
 .It Ar exportsfile
 The
 .Ar exportsfile
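Review bot: deleting the whole ".It Fl n" entry also drops the parenthetical "Normally, only mount requests from reserved ports are accepted.", and the replacement text in this patch lands at the very end of the page, after the ".Bx 4.4 ." history line. Consider keeping one sentence in DESCRIPTION stating that mount requests are only accepted from reserved ports, so an administrator reading the option list sees the requirement without having to reach the historical note.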
@@ -111,3 +103,12 @@
 .Nm
 utility first appeared in
 .Bx 4.4 .
+.Pp
+The
+.Fl n
+flag historically allowed clients to use non-reserved ports
+when communicating with
+.Nm .
+In
+.Ox ,
+a reserved port is always used.
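Review bot: in the added paragraph, "a reserved port is always used" reads as client-side wording; it is the phrasing the report quotes from mount_nfs(8), where the client picks the port. For the server page it would be clearer to say what mountd does, for example that mount requests from non-reserved ports are always rejected, so that the sentence matches the "allowed clients to use non-reserved ports" clause before it.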
Index: mountd.c
===================================================================
RCS file: /cvs/src/sbin/mountd/mountd.c,v
retrieving revision 1.75
diff -u -r1.75 mountd.c
--- mountd.c    16 May 2014 17:30:28 -0000      1.75
+++ mountd.c    23 Aug 2014 17:47:38 -0000
@@ -225,7 +225,7 @@
                        /* Compatibility */
                        break;
                default:
-                       fprintf(stderr, "usage: mountd [-dn] [exportsfile]\n");
+                       fprintf(stderr, "usage: mountd [-d] [exportsfile]\n");
                        exit(1);
                }
        argc -= optind;
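Review bot: the usage string stops listing -n, but the option handling just above the default case is untouched, and the context shows a case that only does "break" under a "/* Compatibility */" comment. If that case is the one for -n, the flag is still silently accepted; that is reasonable for existing startup scripts, but the comment should name the flag and say it is ignored, and the man page text should say that -n is accepted and has no effect. If that case belongs to a different option, check that the getopt string (not visible in this hunk) no longer contains n, so that -n reaches this usage message.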
