Commit 04146816 authored by Neil Brown's avatar Neil Brown Committed by David S. Miller

[PATCH] kNFSd 11: Remove problematic "security" checks when NFS exporting.

The nfs server currently doesn't allow you to export both a
directory and an ancestor of that directory on the same filesystem.

This check is more of a problem than a solution and can be
done in user-space if needed, so it is removed.

The potential for a security problem is because the files
below the lower directory could be accessed as though it were under
either of the export points, and so the access control that is
applied might not be what is expected (by the nieve admin).

e.g.  export /a as readwrite and /a/b as readonly.  Then a/b/c
can be accessed readwrite as it is in /a which might not be the
intend.  Altering the user to this can be done in userspace though.

The current restriction also stops exporting / as readonly and
/tmp as read-write which some people want to do.  Providing
/tmp is also exported subtree_check (the default) there is no
security issue here.
parent 9bb4ebc6
...@@ -37,8 +37,6 @@ typedef struct svc_export svc_export; ...@@ -37,8 +37,6 @@ typedef struct svc_export svc_export;
static svc_export * exp_parent(svc_client *clp, struct super_block *sb, static svc_export * exp_parent(svc_client *clp, struct super_block *sb,
struct dentry *dentry); struct dentry *dentry);
static svc_export * exp_child(svc_client *clp, struct super_block *sb,
struct dentry *dentry);
static void exp_unexport_all(svc_client *clp); static void exp_unexport_all(svc_client *clp);
static void exp_do_unexport(svc_export *unexp); static void exp_do_unexport(svc_export *unexp);
static svc_client * exp_getclientbyname(char *name); static svc_client * exp_getclientbyname(char *name);
...@@ -146,31 +144,6 @@ exp_parent(svc_client *clp, struct super_block *sb, struct dentry *dentry) ...@@ -146,31 +144,6 @@ exp_parent(svc_client *clp, struct super_block *sb, struct dentry *dentry)
return NULL; return NULL;
} }
/*
* Find the child export entry for a given fs. This function is used
* only by the export syscall to keep the export tree consistent.
* <gam3@acm.org>
*/
static svc_export *
exp_child(svc_client *clp, struct super_block *sb, struct dentry *dentry)
{
struct list_head *head = &clp->cl_export[EXPORT_HASH(sb->s_dev)];
struct list_head *p;
struct dentry *ndentry;
spin_lock(&dcache_lock);
list_for_each(p, head) {
svc_export *exp = list_entry(p, svc_export, ex_hash);
ndentry = exp->ex_dentry;
if (ndentry && is_subdir(ndentry->d_parent, dentry)) {
spin_unlock(&dcache_lock);
return exp;
}
}
spin_unlock(&dcache_lock);
return NULL;
}
/* /*
* Hashtable locking. Write locks are placed only by user processes * Hashtable locking. Write locks are placed only by user processes
* wanting to modify export information. * wanting to modify export information.
...@@ -321,16 +294,6 @@ exp_export(struct nfsctl_export *nxp) ...@@ -321,16 +294,6 @@ exp_export(struct nfsctl_export *nxp)
inode->i_sb->s_export_op->find_exported_dentry = inode->i_sb->s_export_op->find_exported_dentry =
find_exported_dentry; find_exported_dentry;
if (exp_child(clp, inode->i_sb, nd.dentry) != NULL) {
dprintk("exp_export: export not valid (Rule 3).\n");
goto finish;
}
/* Is this is a sub-export, must be a proper subset of FS */
if (exp_parent(clp, inode->i_sb, nd.dentry) != NULL) {
dprintk("exp_export: sub-export not valid (Rule 2).\n");
goto finish;
}
err = -ENOMEM; err = -ENOMEM;
if (!(exp = kmalloc(sizeof(*exp), GFP_USER))) if (!(exp = kmalloc(sizeof(*exp), GFP_USER)))
goto finish; goto finish;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment