Leonard Rosenthol on Mon, 17 Dec 2001 06:10:29 +0100



Re: [PLUG] NFS Question


At 12:52 PM 12/14/2001 -0500, gabriel rosenkoetter wrote:
> Huh? NFS is plenty secure, especially if you link it against
> libwrap, as any sane distro should these days. (Debian, for
> instance. All of the BSDs as well.) It won't give mounts to people
> you don't explicitly tell it to, and I certainly have heard about
> any currently-running nfsd exploits. Have you?

Currently running, no. But there is a LONG history of not just that, but also lower level exploits using buffer overruns and other unexpected behaviors in the file system mounter.



> If you're concerned about clear text data, you'll have to justify
> the overhead of encryption of network file system access over an
> internal network. The right place to protect that is at the border,

Or at the stream level by using something like a VPN/SSH-tunnel.


> Anyway, your solution isn't one; Samba's "encryption" is a joke. (A
> joke whose punchline is "RC4!")

No argument here!


> > CIFS/SMB good (even if it was designed in Redmond)...
>
> That's totally insane. These are two Unix systems. Why should they
> use a network file system designed for Win32?

Because the one "designed for Unix" is old and decrepit and in MAJOR need of modernization (hence the work on NFS 3)...



> If anything, AFS should replace NFS here. (And it *is* pretty well
> designed.)

Or AFP/IP, if you really want something modern with security issues taken into account.



Leonard


______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug