[557] in bugtraq
Re: CERT, about NFS
daemon@ATHENA.MIT.EDU (Scott Schwartz)
Thu Dec 22 03:15:29 1994
To: Jim Duncan <jim@math.psu.edu>
Cc: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>, bugtraq@fc.net
In-Reply-To: Your message of "Wed, 21 Dec 1994 17:19:10 EST."
<199412212219.RAA04179@augusta.math.psu.edu>
Date: Thu, 22 Dec 1994 01:48:17 -0500
From: Scott Schwartz <schwartz@galapagos.cse.psu.edu>
> They're just really making sure. You're right, some of it is redundant.
It's just flatly amazing to me how much hard labor people will happily
endure while never addressing the real, easily fixed, bug; namely that
NFS uses unauthenticated RPC by default.
Not shipping kerberos (or the functional equivalent) as a fully
integrated part of one's OS is a lot like shipping a cpu whose fdiv
instruction doesn't work.
Just my humble opinion.
