On 6/21/06, Miod Vallat <[EMAIL PROTECTED]> wrote:
> I have installes OpenBSD 3.8. I exported a directory with > /mnt/gamma -maproot=root 192.168.1.14 > > line in /etc/exports > > Next I tested the server with Nessus vulnerability scaner and it found a > hole in NFS: [...] > This seems like an old (1999) hole. Is there any patch for it or did I do > anything wrong?If /mnt/gamma is not a standalone filesystem, you are hitting the caveat documented in the BUGS section of exports(5): `` The export options are tied to the local mount points in the kernel and must be non-contradictory for any exported subdirectory of the local server mount point. It is recommended that all exported directories within the same server filesystem be specified on adjacent lines going down the tree. You cannot specify a hostname that is also the name of a netgroup. Specifying the full domain specification for a hostname can normally circumvent the problem.'' i.e. by exporting /mnt/gamma, you are really exporting /mnt, hence the whole /mnt filesystem is accessible via nfs, but you can't go up further.
Why is it like this though? Seems like if you tell it to export /mnt/gamma you want it to export /mnt/gamma, not /mnt. -Nick
