>Number:         24561
>Category:       bin
>Synopsis:       /etc/security doesn't parse /etc/exports correctly
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Feb 25 23:51:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Jukka Salmi
>Release:        NetBSD 1.6ZK
>Organization:
>Environment:
System: NetBSD himo.salmi.ch 1.6ZK NetBSD 1.6ZK (HIMO) #0: Wed Feb 18 00:27:09 CET 2004 root@himo.salmi.ch:/build/nbsd/current/sys/arch/i386/compile/HIMO i386
Architecture: i386
Machine: i386
>Description:
Checking of /etc/exports in /etc/security (check_nfs) is not done correctly.
Several things are wrongly assumed:

- only one directory can be specified per entry
- logical lines are physical lines
- the host set starts with a minus sign (-)

But the following is true:

- several directories can be may be specified per entry
- lines can be continued using \ because src/usr.sbin/mountd/mountd.c,
  line 1043, read /etc/exports using fparseln(3).
- the host set can be specified as -network=... -mask=...

>How-To-Repeat:
An /etc/exports entry as follows:

/a/directory /another/dir \
  -ro -maproot=nobody:nobody -network=1.2.3.4 -mask=255.255.255.0

is syntactically correct and doen't export the directories globally, but
results in the following text being output during /etc/security execution:

Checking for globally exported file systems.
File system -ro globally exported, read-write.

>Fix:
I'll send a patch in a minute...
>Release-Note:
>Audit-Trail:
>Unformatted: