Re: [Question] mount points on knfsd.

Bill Hawes (whawes@star.net)
Thu, 10 Sep 1998 08:00:52 -0400

Alan Cox wrote:
>
> > But it is not clear what it should do. The problem with what nfsd
> > does now is that it returns an EACCESS (-13) error when you LOOKUP
> > the mount point, and mount with not let you mount onto that directory.
> >
> > There seem to be several possible solutions:
> >
> > 1) return the underlying directory. This should be easy; you can use
> > dchild->d_covers in fs/nfsd/vfs.c line 176.
>
> That would work. And the underlying directory is on the right file system
> so would have a valid inode for that fs

Returning the underlying directory avoids inode aliasing problems, but
is otherwise a security problem in that it exposes part of a filesystem
not otherwise visible. (How many sysadmins know what's below the
mountpoints for something that's routinely coverd?)

This issue has come up several times before, and people have sent in
patches to let nfsd access the underlying directory. I don't think it's
a good thing to do though.

What would be acceptable is to allow the mounted-over inode to be
visible, but nothing further, so that it could become a mountpoint but
not serve to access any normally invisible directories.

Regards,
Bill

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/faq.html