Can you please escalate fixing this in stable due to the security
implications of presuming an export record like:

/data   -rw,... \
        trustedhost  untrustedhost(ro)

will "Do The Right Thing(tm)".

In Debian Jessie (current stable), without this being fixed, a system
upgrade from wheezy where this worked properly before now allows an
untrusted host to write to a filesystem it should not be allowed to.
Same with defaulting "-no_root_squash...   untrustedhost(root_squash)".
(We can argue if such an export is the best way to do this, but this bug
does introduce a legitimate security concern.)

I don't want to wait several years for this awful bug to percolate back
down to stable on the next release.

<rant>
My whole reliance on using export records of the form:

/export  -{defaults} \
       host1 host2 host3({overrides}) ...

Is because it is significantly clearer that you didn't mangle one host's
exports directives (you only have to look at the defaults ONCE), and you
can then create obvious deviations with the '()' form overrides.  Breaking
the ability to create these clear and easily visually parsable stanzas
degrades security, IMHO.

Now I have to create multiple exports records with different "-{defaults}",
or put '({options})' on every single host export creating a more complex
exports environment prone to errors.

</rant>

thanks,
--stephen

-- 
Stephen Dowdy  -  Systems Administrator  -  NCAR/RAL
303.497.2869   -  sdo...@ucar.edu        -  http://www.ral.ucar.edu/~sdowdy/
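
To find records on an upgraded host that depend on the override behaviour described in this message, the following added example (not part of the original message) parses exports text and lists each host whose parenthesised options are meant to replace a `-default`. The option pairs are those documented in exports(5); the function names and sample text are constructed for illustration, and paths containing quoted or escaped spaces are assumed not to occur.

```python
import re

# Mutually exclusive option pairs from exports(5); both names map to one key.
PAIRS = [("ro", "rw"), ("root_squash", "no_root_squash"), ("sync", "async"),
         ("secure", "insecure"), ("all_squash", "no_all_squash"),
         ("subtree_check", "no_subtree_check"), ("wdelay", "no_wdelay")]
CANON = {name: pair[0] for pair in PAIRS for name in pair}

def key(opt):
    """Group an option with its opposite (ro/rw) or by name (anonuid=...)."""
    name = opt.split("=", 1)[0]
    return CANON.get(name, name)

def split_opts(s):
    return [o for o in s.split(",") if o]

def audit(exports_text):
    """List (path, host, replaced_defaults, intended_options) per overriding host."""
    findings = []
    text = re.sub(r"\\\r?\n", " ", exports_text)      # join continuation lines
    for line in text.splitlines():
        tokens = line.split("#", 1)[0].split()        # drop comments
        if len(tokens) < 2:
            continue
        path, defaults = tokens[0], []
        for tok in tokens[1:]:
            if tok.startswith("-"):                   # -rw,sync,... defaults
                defaults = split_opts(tok[1:])
                continue
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", tok)
            if not m:
                continue
            host, overrides = m.group(1), split_opts(m.group(2) or "")
            keys = {key(o) for o in overrides}
            replaced = [d for d in defaults if key(d) in keys and d not in overrides]
            if replaced:                              # host relies on an override
                intended = [d for d in defaults if key(d) not in keys] + overrides
                findings.append((path, host, replaced, intended))
    return findings

# Constructed sample in the shape of the record quoted in the message.
SAMPLE = """\
/data   -rw,no_root_squash \\
        trustedhost  untrustedhost(ro,root_squash)
/pub    -ro  mirror1 mirror2
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Each reported host's intended options can then be compared with what `exportfs -v` shows as actually in effect for that host.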
