Re: mount.nfs: access denied by server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Aug 21, 2009 at 05:08:12PM -0400, Trond Myklebust wrote:
> On Fri, 2009-08-21 at 16:59 -0400, J. Bruce Fields wrote:
> > On Fri, Aug 21, 2009 at 04:39:53PM -0400, Peter Staubach wrote:
> > > Tom Haynes wrote:
> > > > J. Bruce Fields wrote:
> > > >>
> > > >>> Right now, we use AUTH_SYS if the mount command didn't specify a
> > > >>> flavor, but the flavor we're going to use is always checked against
> > > >>> the server's returned list.  You seem to be suggesting we should
> > > >>> ignore the server's list entirely if sec= was specified...?
> > > >>>     
> > > >>
> > > >> Yes.  I can't see what practical problems that would cause.
> > > >>
> > > 
> > > Here, I am going to disagree.  The client should compare the
> > > flavor specified with the list of authentication flavors
> > > returned by the server and if the specific flavor isn't on
> > > the list, then the mount attempt should be failed.
> > 
> > Why?  What can go wrong if you just try the flavor?
> > 
> > Ugh: to answer my own question: ok, if the server allows auth_sys for
> > the NFS operations required on mount (as suggested by the security
> > considerations rfc), then that would mean mount would always succeed,
> > and nobody would see the error until the first operation on the
> > filesystem.  It would be better to return the error on mount.
> > 
> > So, I think I have to give in and agree with you.  People will just have
> > to upgrade their mountd's....
> 
> People have lived with the current situation for years without any
> trouble. It was only the addition of the security negotiation that
> exposed the mountd bug.
> 
> My position is that if mountd returns a clearly invalid (i.e. empty)
> list, then that's not a reason to interrupt the mount. We should just
> fall back to what we did prior to including security negotiation.

Yeah, so instead of taking my original pseudocode (which just allowed
sec= to always override even a non-empty list from the server), more
reasonable might be just to treat the empty-list case specially.

For example, maybe:

	- If the returned list is nonempty:
		- Do whatever the latest code does: probably return an
		  error if there's a clash with the sec= mount option,
		  otherwise attempt the first on the list.
	- Otherwise, if the returned list is empty:
		- Use any sec= option if provide, or auth_sys if not.

--b.
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux