kern/147998: NFS -mapall group permissions ignored when -network is specified

Sat, 19 Jun 2010 08:30:39 -0700 

>Number:         147998
>Category:       kern
>Synopsis:       NFS -mapall group permissions ignored when -network is 
>specified
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Jun 19 15:30:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Christopher Key
>Release:        FreeBSD 8.0-RELEASE-p2 amd64
>Organization:
>Environment:
System: FreeBSD chacal.wzl33 8.0-RELEASE-p2 FreeBSD 8.0-RELEASE-p2 #2: Sat Jun 
19 15:45:05 BST 2010 r...@chacal.wzl33:/usr/obj/usr/src/sys/CHACAL amd64


        
>Description:
When -network (or any host restriction probably) is added to an nfs exports 
line, any group privileges for -mapall (and -maproot probably) get ignored.

     
>How-To-Repeat:
Outline steps, not actually tested.

mkdir /exports/dir
touch /exports/dir/file

chown u1:g1 /exports/dir /exports/dir/file
chmod 750 /exports/dir
chmod 640 /exports/dir/file

echo "/exports/dir -ro -mapall nobody:g1" > /etc/exports
kill -s HUP $(cat /var/run/mountd.pid)
# Can access /exports/dir/file via NFS

echo "/exports/dir -ro -mapall nobody:g1 --network 192.168.2.0/24" > 
/etc/exports
kill -s HUP $(cat /var/run/mountd.pid)
# Can't access /exports/dir/file via NFS


Further details in,
http://forums.freebsd.org/showthread.php?t=14493

        
>Fix:

        

--- vfs_export.c.patch begins here ---
Index: sys/kern/vfs_export.c
===================================================================
--- sys/kern/vfs_export.c       (revision 209341)
+++ sys/kern/vfs_export.c       (working copy)
@@ -208,7 +208,7 @@
        np->netc_anon = crget();
        np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
        crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
-           np->netc_anon->cr_groups);
+           argp->ex_anon.cr_groups);
        np->netc_anon->cr_prison = &prison0;
        prison_hold(np->netc_anon->cr_prison);
        np->netc_numsecflavors = argp->ex_numsecflavors;
--- vfs_export.c.patch ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"

Reply via email to