On Thu, 2007-05-03 at 17:08 -0500, Paul Krizak wrote:
> Ah ha! That seems to be it!!!

Indeed it is!

>
> My "mental model" of how mount/automount should work does *not* think
> this is correct. While multiple mounts may occur on a single export
> from a filer, the options from the client side for each individual mount
> (especially for separate subdirs) should be customizable. Inheriting
> the options from the previous mount to that export is asinine and simply
> unsupportable in our environment. I did some further testing and found
> that this "inheritance" model even happens for ro/rw attributes, causing
> HUGE security implications. For example, what if something like this
> happened:

Me too.

I first noticed this (in my opinion) regression more than 6 months ago.
For a long time I thought it was only restricted to the ro/rw attributes
but recently I've seen the rsize/wsize issue mentioned.

There have been several bugs logged and posts made to the NFS list but I
haven't seen much more than an acknowledgment that it's a limitation of
the NFS implementation. So it would be good to be counted by posting
this comprehensive analysis to the NFS list
(https://lists.sourceforge.net/lists/listinfo/nfs). Maybe that will
increase the priority of fixing this issue.

>
> 1. mount an innocuous directory like /tool/sysadmin_tmp read-write
> 2. mount an important directory like /tool/finance_data from the same
>    filer:/vol/volume, but with -o ro
> 3. My experimentation shows that the "finance_data" mount will be
>    read-write due to inheritance!!!
>
> The obvious implications of usage of automount and such, I believe this
> to be very *bad* behavior. I could see how a sysadmin could set up
> something like this expecting it to be secure. For example, a filer
> could be set up with one exported dir, depending on its clients (with,
> say, static /etc/fstab mounts) setting up whether the NFS mount is
> read-only or read-write. But with the way RHEL5 appears to act, a
> clever user could carefully "cd" to a read-write dir first, then to the
> read-only one, and they'd get read-write privileges where they were not
> supposed to!

Sure is and it causes several of the autofs Connectathon tests to fail
which makes me look bad when it's not actually something I have control
over, grrr!

Ian
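
A check for the condition described in this thread, as an added example that is not part of the original message or of any distribution tooling: it compares the ro/rw option requested for each NFS mount with the option reported in /proc/mounts format and prints the mount points that were requested read-only but are effectively read-write. The export paths under filer:/vol/volume, the filer2 entry and the option strings in the sample data are constructed, and the requested options are assumed to be available in fstab column layout (automount map entries would first need converting to that layout).

```shell
#!/bin/sh
# Usage: audit_nfs_ro REQUESTED_FILE MOUNTS_FILE
# Both files use the fstab / /proc/mounts layout: device mountpoint fstype options ...
# Prints every NFS mount point requested "ro" that is effectively mounted "rw".
audit_nfs_ro() {
    awk '
        # Last ro/rw flag in a comma-separated option string; default is rw.
        function mode(opts,    n, i, a, m) {
            m = "rw"
            n = split(opts, a, ",")
            for (i = 1; i <= n; i++)
                if (a[i] == "ro" || a[i] == "rw") m = a[i]
            return m
        }
        /^[ \t]*#/ || NF < 4 || $3 !~ /^nfs4?$/ { next }   # skip comments, non-NFS
        pass == 1 { want[$2] = mode($4); next }            # requested options
        ($2 in want) && want[$2] == "ro" && mode($4) == "rw" { print $2 }
    ' pass=1 "$1" pass=2 "$2"
}

# Constructed sample data reproducing the scenario from the thread:
# finance_data is requested ro but ends up rw after sysadmin_tmp is mounted rw.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/fstab" <<'EOF'
# device                        mountpoint          type options       dump pass
filer:/vol/volume/sysadmin_tmp  /tool/sysadmin_tmp  nfs  rw,hard,intr  0 0
filer:/vol/volume/finance_data  /tool/finance_data  nfs  ro,hard,intr  0 0
filer2:/vol/docs                /tool/docs          nfs  ro,hard,intr  0 0
EOF
    cat > "$dir/mounts" <<'EOF'
/dev/sda1 / ext3 rw 0 0
filer:/vol/volume/sysadmin_tmp /tool/sysadmin_tmp nfs rw,vers=3,rsize=32768,wsize=32768,hard,intr 0 0
filer:/vol/volume/finance_data /tool/finance_data nfs rw,vers=3,rsize=32768,wsize=32768,hard,intr 0 0
filer2:/vol/docs /tool/docs nfs ro,vers=3,rsize=32768,wsize=32768,hard,intr 0 0
EOF
    audit_nfs_ro "$dir/fstab" "$dir/mounts"
    rm -rf "$dir"
}

demo   # prints /tool/finance_data
```

On a live client the second argument would be /proc/mounts and the first the file holding the intended options.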
