On Wed, Dec 02, 2020 at 05:56:43PM -0500, J. Bruce Fields wrote:
> From: "J. Bruce Fields" <bfields@xxxxxxxxxx>
>
> We originally tried to grant permissions on the v4 pseudoroot filesystem
> that were the absolute minimum required for a client to reach a given
> export. This turns out to be complicated, and we've never gotten it
> quite right. Also, the tradition from the MNT protocol was to allow
> anyone to browse the list of exports.
>
> So, do as we already did with security flavors and just allow clients
> from high ports to access the whole pseudofilesystem.
Oh, except then we may as well also remove this "flags" parameter.
--b.
diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
index 36543401f296..f6eb126660f3 100644
--- a/utils/mountd/v4root.c
+++ b/utils/mountd/v4root.c
@@ -55,7 +55,7 @@ static nfs_export pseudo_root = {
};
static void
-set_pseudofs_security(struct exportent *pseudo, int flags)
+set_pseudofs_security(struct exportent *pseudo)
{
struct flav_info *flav;
int i;
@@ -85,7 +85,7 @@ v4root_create(char *path, nfs_export *export)
strncpy(eep.e_path, path, sizeof(eep.e_path)-1);
if (strcmp(path, "/") != 0)
eep.e_flags &= ~NFSEXP_FSID;
- set_pseudofs_security(&eep, curexp->e_flags);
+ set_pseudofs_security(&eep);
exp = export_create(&eep, 0);
if (exp == NULL)
return NULL;
@@ -133,7 +133,7 @@ pseudofs_update(char *hostname, char *path, nfs_export *source)
return 0;
}
/* Update an existing V4ROOT export: */
- set_pseudofs_security(&exp->m_export, source->m_export.e_flags);
+ set_pseudofs_security(&exp->m_export);
return 0;
}
