Checks for ROFS are not sufficient in NFS server
In a case a read-only filesystem is shared over NFS, the NFSv2/v3 server does not check hard enough to prevent modifications of such filesystem.
Steps to reproduce this issue (reproducible only without the fix for #4638):
- create a ZFS filesystem
- create a file in the filesystem
- change the owner of the file to nobody
- set readonly property of the filesystem to on
- share the filesystem over NFS
- mount the filesystem on a Windows machine
- try to write to the file from the Windows machine
- the write will succeed, but it shouldn't
To fix this issue we need to enhance the rdonly() macro to call vn_is_readonly(), similarly as it is done in the rdonly4().
Updated by Electric Monk over 8 years ago
Author: Marcel Telka <firstname.lastname@example.org> 4642 Checks for ROFS are not sufficient in NFS server Reviewed by: Dan McDonald <email@example.com> Reviewed by: Matthew Ahrens <firstname.lastname@example.org> Approved by: Robert Mustacchi <email@example.com>