On Thu, Dec 03, 2020 at 12:54:53AM +0000, Trond Myklebust wrote:
> On Wed, 2020-12-02 at 17:56 -0500, J. Bruce Fields wrote:
> > From: "J. Bruce Fields" <bfields@xxxxxxxxxx>
> >
> > As with security flavors and "secure" ports, we tried to code this so
> > that pseudofs directories would inherit root squashing from their
> > children, but it doesn't really work as coded and I'm not sure it's
> > useful.
> >
> > Just root squash always. If it turns out somebody's exporting
> > directories that are only readable by root, I guess we can try to do
> > something else here, but frankly that sounds like a pretty weird
> > configuration.
> >
> > Signed-off-by: J. Bruce Fields <bfields@xxxxxxxxxx>
> > ---
> > utils/mountd/v4root.c | 2 --
> > 1 file changed, 2 deletions(-)
> >
> > diff --git a/utils/mountd/v4root.c b/utils/mountd/v4root.c
> > index 2ac4e87898c0..36543401f296 100644
> > --- a/utils/mountd/v4root.c
> > +++ b/utils/mountd/v4root.c
> > @@ -60,8 +60,6 @@ set_pseudofs_security(struct exportent *pseudo, int
> > flags)
> > struct flav_info *flav;
> > int i;
> >
> > - if ((flags & NFSEXP_ROOTSQUASH) == 0)
> > - pseudo->e_flags &= ~NFSEXP_ROOTSQUASH;
> > for (flav = flav_map; flav < flav_map + flav_map_size;
> > flav++) {
> > struct sec_entry *new;
> >
>
> Hmm... What is the harm in allowing root to be unsquashed here? Isn't
> this really all about respecting lookup permissions, or could a user
> actually modify something in the pseudofs? If the latter, then that
> sounds like a bug (the pseudofs should always be read-only).
Yeah, it should only be read-only.
> The consequence of not being able to look up a directory in the
> pseudofs is that the NFSv4 client will be completely unable to mount
> that subtree, so squashing root could make a major difference.
Fair enough, I'll resend.
--b.
