Subject: Re: Interface to change NFS exports
To: Greg Oster <oster@cs.usask.ca>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-kern
Date: 09/12/2005 11:00:35

On Sun, Sep 11, 2005 at 08:48:14PM -0600, Greg Oster wrote:
> > > I don't ask you to implement this, but as you're planning to change the
> > > interface, please think about it in the new one :)
> > 
> > I think all that would be needed would be for there to be a way to upload
> > multiple export entries at once. That way we can say, "here, this is the
> > new export list."
> > 
> > I agree that all Julio would need to do now is think about how we add
> > multiple entries at once, and we'd be prepared for this in the future.
> 
> If we're making a "shopping list" of changes we'd like to see here... ;)
> 
> When checking to see if an NFS export is allowed, Solaris appears
> to do a lookup of the IP address at the time the mount request is made, 
> rather than building a table of IP addresses for the hosts at the 
> time mountd is run (as NetBSD does).  Ignoring the fact that Dynamic 
> DNS may be evil, this means that Solaris behaves much better with 
> hosts that happen to be down (and have lost their lease) when mountd 
> is restarted, than does NetBSD. (NetBSD gets incredibly unhappy 
> because it can't find an IP address for the host at the time mountd 
> is run, and so then refuses to run mountd, shutting all hosts out, 
> not just the one that might be temporarily off-line.  This is 
> arguably a security feature, but, well, if you're running NFS, you 
> may have Other Security Issues anyway :-} )
> 
> But IMO it'd be way cool if NetBSD could do the same as Solaris and 
> delay the lookup of the IP address until the point where the mount 
> request is made... 

I think Solaris works in a different way than NetBSD does (at least it used to):
there is no check done in the kernel at the NFS level, only by mountd
when a client requests a filehandle at mount time. This means that once you
know a filehandle (and you could find one by trying random values), you
can access a filesystem on the server, even if your IP is not allowed.

Now it would be possible to allow dynamic names with an export list in the
kernel; this just means that mountd would have to install a new export list
in the kernel each time a new name->ip translation is discovered.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
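A small user-space model of the scheme discussed in the message above, added here as an example and not code from NetBSD's mountd or kernel: the export list is rebuilt whenever name resolution changes, an unresolvable host is skipped instead of aborting, and every request is still checked against the installed list. All names (`refresh_exports`, `export_allows`, `sample_resolve`) and the sample hosts and addresses are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_HOSTS 8
/* Model of the export list the kernel consults on every NFS request. */
struct export_list { uint32_t addr[MAX_HOSTS]; int n; };

/* Hypothetical resolver callback: returns 0 and fills *ip, or -1 if the
 * name does not resolve right now (host down, DHCP lease lost). */
typedef int (*resolve_fn)(const char *name, uint32_t *ip);

/* Rebuild the list from the exported host names. An unresolvable name is
 * skipped, not treated as fatal, so the other hosts stay exported.
 * Returns 1 if the result differs from *installed (and installs it);
 * that is the point where mountd would push a new list into the kernel. */
int refresh_exports(struct export_list *installed, const char *const *names,
                    int count, resolve_fn resolve)
{
    struct export_list fresh = { {0}, 0 };
    for (int i = 0; i < count && fresh.n < MAX_HOSTS; i++) {
        uint32_t ip;
        if (resolve(names[i], &ip) == 0)
            fresh.addr[fresh.n++] = ip;
    }
    if (fresh.n == installed->n &&
        memcmp(fresh.addr, installed->addr, fresh.n * sizeof(uint32_t)) == 0)
        return 0;
    *installed = fresh;
    return 1;
}

/* Per-request check: knowing a filehandle is not enough, the client's
 * address must be in the installed list. */
int export_allows(const struct export_list *l, uint32_t client_ip)
{
    for (int i = 0; i < l->n; i++)
        if (l->addr[i] == client_ip)
            return 1;
    return 0;
}

/* Constructed sample data: "laptop" is offline until laptop_up is set. */
int laptop_up = 0;
struct export_list sample_installed;
const char *const sample_names[] = { "server1", "laptop" };
int sample_resolve(const char *name, uint32_t *ip)
{
    if (strcmp(name, "server1") == 0) { *ip = 0xC0000201; return 0; } /* 192.0.2.1 */
    if (strcmp(name, "laptop") == 0 && laptop_up) { *ip = 0xC0000232; return 0; } /* 192.0.2.50 */
    return -1;
}
```

Calling `refresh_exports` periodically, or on each mount request that fails the check, is one way to discover a new translation; the message does not say which trigger mountd would use.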