Subject: Re: security/6594: the default "nobody" credentials (32767:9999) do not match mountd's default (-2:-2)
To: NetBSD GNATS submissions and followups <gnats-bugs@gnats.netbsd.org>
From: David Laight <david@l8s.co.uk>
List: netbsd-bugs
Date: 09/07/2002 21:57:16

A couple of little things:

> + #define DEF_ANON_GID	(-2)
> + #define DEF_ANON_UID	(-2)
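
Review bot: both #define lines give the anonymous ids as a bare signed int, (-2), with no comment saying where the value comes from. These macros stand in for uid_t and gid_t values, so carry the type in the macro itself, e.g. `((uid_t)-2)` and `((gid_t)-2)`, rather than relying on implicit int conversion wherever they are compared or assigned. A one-line comment noting that they are meant to match mountd's default of -2:-2 (per the PR title) would help keep the two in sync.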

Need casting to uid_t and gid_t or gcc might start bleating.

> + 	if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups))
> + 	 /* Convert from int's to gid_t's and compress out duplicate 
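
Review bot: the `if (getgrouplist(...))` test treats the return value as a boolean, which hides what is actually being checked. getgrouplist(3) returns -1 when the supplied array is too small, so spell the comparison out (`== -1`) and make sure the truncated case is handled explicitly rather than continuing with a partial group list. The comment on the following line also implies `groups` holds ints that are converted to gid_t afterwards; declaring the array as gid_t from the start would remove that conversion step.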

getgrouplist is defined to have 'gid_t *groups' (in getgrouplist(3)
and unistd.h, although the man page (still?) says 'the integer
array pointed to by groups').  So this code isn't right...

I've also been wondering....

I presume (from where the changes are) that this is a server-side
map of uid zero - i.e. the nfs packets contain 0 not -2.

I was wondering whether the 'correct' fix isn't here, but is where
file permissions are checked (access?).  There uid/gid values of
-2 could explicitly not match any user or group.  So only if there
is write access by 'other' would the values ever end up in the
filesystem, indeed write permission could be revoked as well.

There is then the question of whether specifying -mapall=nobody
in /etc/exports should use -2:-2 or the password entry for "nobody"?
Is -mapall=-2:-2 valid?
What does -webnfs do?

	David

-- 
David Laight: david@l8s.co.uk