Page MenuHomeFreeBSD

Apply default security policy in vfs_export
ClosedPublic

Authored by freqlabs on Jun 16 2020, 8:56 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Oct 28, 11:30 AM
Unknown Object (File)
Oct 3 2024, 10:51 PM
Unknown Object (File)
Oct 1 2024, 2:22 AM
Unknown Object (File)
Oct 1 2024, 12:15 AM
Unknown Object (File)
Sep 19 2024, 8:17 PM
Unknown Object (File)
Sep 4 2024, 6:42 AM
Unknown Object (File)
Sep 1 2024, 9:21 AM
Unknown Object (File)
Aug 30 2024, 8:08 AM
Subscribers

Details

Summary

In rS360900 we were mistaken about where the default sec=sys came from. I was under the impression mountd ensured the default security flavor, but that is clearly not the case.

Set the default security flavor in vfs_export if none is given, and remove the workaround for oexport compat.

Reported by: npn
Sponsored by: iXsystems, Inc.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

So, someone had an old version of mountd that did not fill in
the default security flavor, although it was using a "struct export_args"
that had that field in it?

This change is fine to me, although I looked at old mountd.c code and
thought I saw it filled in.

Maybe there was a window in which mountd.c hadn't been updated,
but was build with what is now called "struct o2export_args" in head.

Anyhow, moving setting the default into vfs_export() seems fine to me.

This revision is now accepted and ready to land.Jun 16 2020, 9:08 PM

Sheesh, when I saw this reported I looked at parsesec in mountd.c and saw it wasn't falling back to a default, but missed where that actually happens in do_mount. I do feel a lot better now being reassured it wasn't by some miracle that we had managed to have a default working before. Not sure how npn managed to hit the edge case but the belt and suspenders approach should take care of it. 😅

This revision was automatically updated to reflect the committed changes.