[864] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] A secure (?) nfs-server ?

daemon@ATHENA.MIT.EDU (Wietse Venema)
Fri Jun 28 17:28:17 1996

From: wietse@wzv.win.tue.nl (Wietse Venema)
To: gander@defiant.vte.com (Gerald Anderson)
Date: Fri, 28 Jun 96 22:40:05 MET DST
Cc: sandman@chiara.dei.unipd.it, linux-security@tarsier.cv.nrao.edu
In-Reply-To: <199606280139.UAA00987@defiant.vte.com>; from "Gerald Anderson" at Jun 27, 96 8:39 pm

Gerald Anderson wrote:
> 
> Just to add my $0.02 in on the secure NFS thread.  It is indeed an oxymoron 
> however, I though now might be a good time to point out the portmap 4 is out, 
> it's supposed to be substantially more secure than previous versions.  I run 

My portmap 4 is just portmap 3 with changes to keep up with evolution -
it has support for the variable-length sockaddr structures as found in
AIX 4.x and in 4.4 BSD.

I agree, NFS in its default form offers hardly any resistance against
malicious superusers. It's not so bad, though, in an environment that
is shielded against NFS requests from malicious superusers :-) It all
depends on who is in control.

	Wietse

home help back first fref pref prev next nref lref last post