jonathan@comp.vuw.ac.nz (Jonathan) (02/11/91)
Synopsis:
/sbin/mount doesn't use a reserved port for NFS mounts,
as required by the latest Sun implementation.
Symptom:
Some NFS mount requests fail. For example, attempting to mount the
filesystem /home/whitu from the SunOS 4.1 system whitu.isor on the
4.3BSD-Reno system nikau:
Script started on Mon Feb 11 10:06:44 1991
nikau# mount -t nfs -o ro whitu.isor:/home/whitu /u/isor/whitu
Can't access /home/whitu: Permission denied
script done on Mon Feb 11 10:06:56 1991
Repeat-by:
On a 4.3bsd-Reno system, attempt to NFS-mount a filesystem
exported from a Sun running SunOS 4.1 or 4.1.1, where the
mountd on the sun is started without a "-n" argument.
Diagnosis:
NFS mount daemons (mountd's) based on Sun's release 3.0 of NFS
(including, but not limited to, those shipped with SunOS 4.1, MORE/bsd,
and Irix 3.3) will only communicate with reserved ports (i.e., port
numbers less than 1024). The port the Reno mount(1) uses to obtain the
args for an NFS mount is not a reserved port.
On such systems, the -n argument to mountd removes this restrictions,
but makes things slightly less secure. Some sysadmins therefore
refuse to use it, so this is not a suitable workaround.
Fix:
A kludge to force a reserved port follows. This is sufficient for
a single mount request, but could be more robust.
*** mount.c.orig Sat Jun 23 05:16:56 1990
--- mount.c Wed Feb 6 12:02:40 1991
***************
*** 675,680 ****
--- 675,700 ----
u_short tport;
static struct nfhret nfhret;
static char nam[MNAMELEN + 1];
+ #if 1
+ struct sockaddr_in soname;
+
+ /*
+ * Make sure socket for mount info RPC is privileged.
+ * Newer mount daemons require it.
+ */
+ if ((so = socket(PF_INET, SOCK_DGRAM, 0)) < 0) {
+ perror("mount: creating socket for NFS args");
+ exit(1);
+ }
+ soname.sin_family = PF_INET;
+ soname.sin_addr.s_addr = INADDR_ANY;
+ soname.sin_port = htons(IPPORT_RESERVED - 2);
+ soname.sin_len = sizeof(soname);
+ if (bind(so, &soname, sizeof(soname)) < 0) {
+ perror("mount: binding reserved port");
+ exit(1);
+ }
+ #endif
strncpy(nam, spec, MNAMELEN);
nam[MNAMELEN] = '\0';
--
-----------------------------------------------------------------------------
sane mailers: jonathan@comp.vuw.ac.nz | Proverbs for Paranoids, 3:
UUCP: ...!uunet!comp.vuw.ac.nz!jonathan| {\em You} hide, {\em They} seek.
| - Thomas Pynchon