[864] in linux-security and linux-alert archive
Re: [linux-security] A secure (?) nfs-server ?
daemon@ATHENA.MIT.EDU (Wietse Venema)
Fri Jun 28 17:28:17 1996
From: wietse@wzv.win.tue.nl (Wietse Venema)
To: gander@defiant.vte.com (Gerald Anderson)
Date: Fri, 28 Jun 96 22:40:05 MET DST
Cc: sandman@chiara.dei.unipd.it, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606280139.UAA00987@defiant.vte.com>; from "Gerald Anderson" at Jun 27, 96 8:39 pm
Gerald Anderson wrote:
>
> Just to add my $0.02 in on the secure NFS thread. It is indeed an oxymoron
> however, I though now might be a good time to point out the portmap 4 is out,
> it's supposed to be substantially more secure than previous versions. I run
My portmap 4 is just portmap 3 with changes to keep up with evolution -
it has support for the variable-length sockaddr structures as found in
AIX 4.x and in 4.4 BSD.
I agree, NFS in its default form offers hardly any resistance against
malicious superusers. It's not so bad, though, in an environment that
is shielded against NFS requests from malicious superusers :-) It all
depends on who is in control.
Wietse