Bug 170413 - [patch] mountd(8): correct handling of -alldirs option and segmentation fault for -sec option
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 10.0-CURRENT
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
Reported: 2012-08-06 11:40 UTC by Andrey Simonenko
Modified: 2013-09-23 14:27 UTC
Description Andrey Simonenko 2012-08-06 11:40:05 UTC
According to the exports(5) manual page, a line can start with a single
pathname of the root of the file system followed by the -alldirs option.
This option allows one to specify that this is a file system export,
regardless of whether it is mounted right now or will be mounted in the future.

mountd starting from the 1.84 revision of the usr.sbin/mountd/mountd.c
file ignores the -alldirs option (> 5 years ago).  It silently treats
the given pathname as a directory name and exports the entire file
system this directory belongs to.  Actually it has to export the given
pathname only if it is a mount point.  This is a security issue, since
mountd violates exports(5) rules.

Also, the following update corrects a segmentation fault if the -sec option
is given without an argument.

Fix: 

[ patch elided - gavin@ ]
How-To-Repeat: 
Create the /etc/exports file with this content:

/cdrom -alldirs

Suppose /cdrom is not a mount point. Now run mountd and try to mount
the <server>:/ NFS export; you will get access to the root file system.
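
An audit check for the misconfiguration described in the report, added here as an example (it is not part of the bug report or of mountd): it flags exports lines that use -alldirs on a pathname that is not a mount point. The function names and the device-comparison heuristic are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* 1 if path is the root of a mounted file system, 0 if not, -1 on error.
 * Heuristic (assumed here): device differs from the parent's, or path is "/". */
int is_mount_point(const char *path)
{
	char parent[1100];
	struct stat st, pst;
	if (stat(path, &st) != 0)
		return (-1);
	if (!S_ISDIR(st.st_mode))
		return (0);
	if ((size_t)snprintf(parent, sizeof(parent), "%s/..", path) >= sizeof(parent))
		return (-1);
	if (stat(parent, &pst) != 0)
		return (-1);
	return (st.st_dev != pst.st_dev || st.st_ino == pst.st_ino);
}

/* Audit one exports(5) line: 1 = -alldirs on a path that is not a mount point
 * (the case in the report), 0 = nothing to flag, -1 = path cannot be checked.
 * Simplification: only the first pathname is examined; options are tokens
 * split on blanks and commas. */
int audit_exports_line(const char *line)
{
	char buf[1024], *path, *tok;
	int alldirs = 0, mp;
	if (strlen(line) >= sizeof(buf))
		return (-1);
	strcpy(buf, line);
	path = strtok(buf, " \t\n");
	if (path == NULL || path[0] != '/')
		return (0);	/* blank line, comment, or not a pathname */
	while ((tok = strtok(NULL, " \t\n,")) != NULL)
		if (strcmp(tok[0] == '-' ? tok + 1 : tok, "alldirs") == 0)
			alldirs = 1;
	if (!alldirs)
		return (0);
	mp = is_mount_point(path);
	return (mp < 0 ? -1 : !mp);
}

int main(void)
{
	/* Constructed sample lines; the second is the line from the report. */
	const char *lines[] = { "/ -alldirs", "/cdrom -alldirs", "/usr -ro" };
	for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
		printf("%-18s -> %d\n", lines[i], audit_exports_line(lines[i]));
}
```

A result of 1 marks a line to review before mountd is started; -1 means the pathname does not exist or could not be examined on this host.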
Comment 1 dfilter service freebsd_committer freebsd_triage 2013-02-20 12:40:38 UTC
Author: pluknet
Date: Wed Feb 20 12:40:26 2013
New Revision: 247034
URL: http://svnweb.freebsd.org/changeset/base/247034

Log:
  Check if the -sec option is given without an argument.
  
  PR:		bin/170413
  Submitted by:	Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
  MFC after:	1 week

Modified:
  head/usr.sbin/mountd/mountd.c

Modified: head/usr.sbin/mountd/mountd.c
==============================================================================
--- head/usr.sbin/mountd/mountd.c	Wed Feb 20 12:14:49 2013	(r247033)
+++ head/usr.sbin/mountd/mountd.c	Wed Feb 20 12:40:26 2013	(r247034)
@@ -2235,7 +2235,7 @@ do_opt(char **cpp, char **endcpp, struct
 			ep->ex_indexfile = strdup(cpoptarg);
 		} else if (!strcmp(cpopt, "quiet")) {
 			opt_flags |= OP_QUIET;
-		} else if (!strcmp(cpopt, "sec")) {
+		} else if (cpoptarg && !strcmp(cpopt, "sec")) {
 			if (parsesec(cpoptarg, ep))
 				return (1);
 			opt_flags |= OP_SEC;
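Review bot: in the changed `else if`, putting `cpoptarg &&` into the condition means a bare `-sec` no longer matches this branch and falls through to the rest of the chain, so the administrator learns of the problem only from whatever the following branches report, not that `-sec` is missing its value. Consider matching `!strcmp(cpopt, "sec")` first and rejecting a NULL `cpoptarg` inside the branch with its own message and `return (1)`, the same way a `parsesec()` failure already returns.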
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
Comment 2 dfilter service freebsd_committer freebsd_triage 2013-02-27 08:55:39 UTC
Author: pluknet
Date: Wed Feb 27 08:55:26 2013
New Revision: 247394
URL: http://svnweb.freebsd.org/changeset/base/247394

Log:
  MFC r247034:
    Check if the -sec option is given without an argument.
  
  PR:		bin/170413
  Submitted by:	Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>

Modified:
  stable/9/usr.sbin/mountd/mountd.c
Directory Properties:
  stable/9/usr.sbin/mountd/   (props changed)

Modified: stable/9/usr.sbin/mountd/mountd.c
==============================================================================
--- stable/9/usr.sbin/mountd/mountd.c	Wed Feb 27 08:44:03 2013	(r247393)
+++ stable/9/usr.sbin/mountd/mountd.c	Wed Feb 27 08:55:26 2013	(r247394)
@@ -2238,7 +2238,7 @@ do_opt(char **cpp, char **endcpp, struct
 			ep->ex_indexfile = strdup(cpoptarg);
 		} else if (!strcmp(cpopt, "quiet")) {
 			opt_flags |= OP_QUIET;
-		} else if (!strcmp(cpopt, "sec")) {
+		} else if (cpoptarg && !strcmp(cpopt, "sec")) {
 			if (parsesec(cpoptarg, ep))
 				return (1);
 			opt_flags |= OP_SEC;
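Review bot: the log for this merge mentions only the `-sec` argument check, and the single changed line in `do_opt()` matches that; the `-alldirs` handling that PR bin/170413 also reports is not touched here. Worth stating in the log that this is a partial fix for the PR, so the `PR:` line is not read as resolving the export-scope issue on stable/9.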
Comment 3 dfilter service freebsd_committer freebsd_triage 2013-02-27 08:57:14 UTC
Author: pluknet
Date: Wed Feb 27 08:56:57 2013
New Revision: 247395
URL: http://svnweb.freebsd.org/changeset/base/247395

Log:
  MFC r247034:
    Check if the -sec option is given without an argument.
  
  PR:		bin/170413
  Submitted by:	Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>

Modified:
  stable/8/usr.sbin/mountd/mountd.c
Directory Properties:
  stable/8/usr.sbin/mountd/   (props changed)

Modified: stable/8/usr.sbin/mountd/mountd.c
==============================================================================
--- stable/8/usr.sbin/mountd/mountd.c	Wed Feb 27 08:55:26 2013	(r247394)
+++ stable/8/usr.sbin/mountd/mountd.c	Wed Feb 27 08:56:57 2013	(r247395)
@@ -2229,7 +2229,7 @@ do_opt(char **cpp, char **endcpp, struct
 			ep->ex_indexfile = strdup(cpoptarg);
 		} else if (!strcmp(cpopt, "quiet")) {
 			opt_flags |= OP_QUIET;
-		} else if (!strcmp(cpopt, "sec")) {
+		} else if (cpoptarg && !strcmp(cpopt, "sec")) {
 			if (parsesec(cpoptarg, ep))
 				return (1);
 			opt_flags |= OP_SEC;
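Review bot: the first context line, `ep->ex_indexfile = strdup(cpoptarg);`, passes `cpoptarg` to `strdup()` and stores the result unchecked, and the condition guarding that branch lies above the hunk. While merging the `sec` guard, confirm that branch already tests `cpoptarg` for NULL, since it would fail the same way on a bare option, and consider checking the `strdup()` result.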
Comment 4 Gavin Atkinson freebsd_committer freebsd_triage 2013-09-23 14:24:08 UTC
State Changed
From-To: open->closed

Submitter requests that this PR be closed.