On Tue, Oct 04, 2011 at 11:28:23AM -0600, Theo de Raadt wrote:
> > I don't follow here.
> >
> > In any case. Whatever NFS might do internally, that is to use an integer
> > uid -1 (uid_t is an int32_t) doesn't really matter. The problem is in mountd
> > and exports.
> >
> > The nobody user is for doing things like: -maproot=nobody or -mapall=nobody
> > in your export lists, right?
> >
> > If not, then a new user needs to be created for this purpose. Having
> > multiple things use the same "dummy" user is IMO bad practice,
>
> As far as I know, in OpenBSD, only locate is using that nobody now. All our
> other code is fixed. Or should be.

Yep, locate uses 'nobody' in weekly for example (which was the reason I brought this up).

> > so nobody should continue
> > to be the "NFS user" if for nothing less than historical reasons and
> > in-the-wild setups.
>
> The passwd nobody is not the "NFS user". It is 32767, which is not -1.
>
> I see that code in mountd for nobody. How bizarre. That looks like the
> biggest offender of assuming 32767 is -1.

--
Cheers, Jasper

"Capable, generous men do not create victims, they nurture them."
