Subject: pkg/24560: /etc/security doesn't parse /etc/exports correctly
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <firstname.lastname@example.org>
Date: 02/26/2004 00:41:22
>Synopsis: /etc/security doesn't parse /etc/exports correctly
>Arrival-Date: Wed Feb 25 23:42:00 UTC 2004
>Originator: Jukka Salmi
>Release: NetBSD 1.6ZK
System: NetBSD himo.salmi.ch 1.6ZK NetBSD 1.6ZK (HIMO) #0: Wed Feb 18 00:27:09 CET 2004 email@example.com:/build/nbsd/current/sys/arch/i386/compile/HIMO i386
Checking of /etc/exports in /etc/security (check_nfs) is not done correctly.
Several things are wrongly assumed:
- only one directory can be specified per entry
- logical lines are physical lines
- the host set starts with a minus sign (-)
But the following is true:
- several directories can be may be specified per entry
- lines can be continued using \ because src/usr.sbin/mountd/mountd.c,
line 1043, read /etc/exports using fparseln(3).
- the host set can be specified as -network=... -mask=...
An /etc/exports entry as follows:
/a/directory /another/dir \
-ro -maproot=nobody:nobody -network=220.127.116.11 -mask=255.255.255.0
is syntactically correct and doen't export the directories globally, but
results in the following text being output during /etc/security execution:
Checking for globally exported file systems.
File system -ro globally exported, read-write.
I'll send a patch in a minute...