Bug 210957

Summary: [PATCH] mountd(8): reject /etc/exports lines where the first field(s) end with a /
Product: Base System Reporter: Derek Schrock <dereks>
Component: binAssignee: freebsd-bugs (Nobody) <bugs>
Status: New ---    
Severity: Affects Only Me Keywords: patch
Priority: ---    
Version: 10.3-RELEASE   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
reject FS fields that end with a / update exports man page none

Description Derek Schrock 2016-07-10 09:44:08 UTC
Created attachment 172306 [details]
reject FS fields that end with a / update exports man page

If the last character in the file system fields (the first set of fields) from /etc/exports ends with a / (other than root) then the exported nfs file system can't be mounted on a remote system.

mountd(8) happily accepts lines from /etc/exports if the last character in the file system fields is /.  Other than / itself are there any valid cases where the fs field should/can end with a /?

NFS Server(nfssrv):
# cat /etc/exports 
/mnt/backups/isos -ro -mapall=nobody -network 10.....

NFS Client(nfscli):
$ sudo mount nfssrv:/mnt/backups/isos/  /tmp/
mount_nfs: can't mount /mnt/backups/isos/ from nfssrv onto /private/tmp: Permission denied

NFS Server rejecting a line with a FS ending with a /:
..... mountd[66457]: bad exports list line /mnt/backups/isos/

With patch mountd

NFS Server from /var/log/messages:
........ mountd[17841]: mount request denied from nfscli for /mnt/backups/isos


Removing the / fixes the issue.

See the attached patch to update mountd.c:check_dirpath to reject lines and exports.5 explaining file system fields shouldn't end with / other than root.

I have only tested the patch with 10.3-RELEASE (nfs server) and Mac OS X (client).  It seems this isn't a client issue (same problem with Linux NFS clients) based off other forum posts.

Also, it appears the patch should apply to (10|11)-STABLE and CURRENT.