>     The reason is that the file handles passed to nfsd could then
>     be trivially faked to gain rw access on a ro-exported subdirectory.
>     For example, if you export /usr read-only and /usr/local read-write,
>     you can then construct an NFS request using /usr/local's mount point
>     but with a file handle that represents a file in /usr, and then be
>     able to write to that file.  This is because the file handle
>     representing file X will be almost identical no matter which mount
>     point X is accessed relative to.

Yes I see. I'd also like to see what happens if you move some
directory, or if you are doing hardlinks and also move them ... :-)
Your explanation is logical to me.

Maybe we should fix the exports(5) manpage. This is not a bug, it's
a security restriction.

It seems to me that we have a really good nfs implementation here
on BSD, and we can do more finetuning than on Solaris itself. Also
mountd and export seems to support more features than in Solaris,
according to the manpage.

Could this export restriction change in future with nfsv4, when nfs
does get stateful (I've heard about that the stateless behaviour will
go away with nfsdv4) ... ? I do not know much about the internals of
nfsv4 ...


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to