Hello!
The docs say that subtree checking is used to prevent guessing
filehandles of files on a filesystem outside of the exported directory. I
can't fully understand how it works, particularly what "filesystem"
means in this context - is it the physical filesystem on disk, a bind-mounted
filesystem, or an "exported" filesystem with its own fsid?
The internet has many recipes that just work, but I would like to
understand exactly which attacks subtree checking prevents.
Let's see an example.
Suppose we have an NFSv4 server on Linux with the following entries in fstab:
/dev/sda1 / ext4 defaults 0 0
/dev/sda2 /mnt/storage ext4 defaults 0 0
/mnt/storage /srv/nfs/storage none bind 0 0
/mnt/storage/subdir1 /srv/nfs/subdir1 none bind 0 0
/mnt/storage/subdir3 /srv/nfs/subdir3 none bind 0 0
and the following exports:
/srv/nfs 192.168.1.0/24(rw,fsid=root,no_subtree_check) # NFS root in server's root FS subdirectory
/srv/nfs/private 192.168.1.1(rw,no_subtree_check) # Subdirectory of NFS root on the server's root FS
/srv/nfs/subdir1 192.168.1.2(rw,no_subtree_check) # Bind-mounted subdirectory on /dev/sda2
/srv/nfs/storage/subdir2 192.168.1.3(rw,no_subtree_check) # Subdirectory of bind-mounted root of /dev/sda2
/srv/nfs/subdir3/subsubdir1 192.168.1.4(rw,no_subtree_check) # Subdirectory of bind-mounted subdirectory on /dev/sda2
1. Can any client that mounted the NFS root "/" guess filehandles
anywhere on the server's root filesystem?
2. Can 192.168.1.1 that mounted "/private" guess filehandles anywhere on
the server's root filesystem or in /srv/nfs, /srv/nfs/storage?
2. Can 192.168.1.2 that mounted "/subdir1" guess filehandles in
/mnt/storage or in /srv/nfs/private?
3. Can 192.168.1.3 that mounted "/storage/subdir2" guess filehandles in
/mnt/storage or in /srv/nfs/private?
4. Can 192.168.1.4 that mounted "/subdir3/subsubdir1" guess filehandles
in /mnt/storage/subdir3 (which is bind-mounted) or in the whole of /mnt/storage?
5. Does any subtree checking behavior change if I remove the explicit NFS root
export "/srv/nfs"?
Thank you.