Re: [PLUG] NFS Question

[Leonard Rosenthol <leonardr@lazerware.com>]

At 12:52 PM 12/14/2001 -0500, gabriel rosenkoetter wrote:
> Huh? NFS is plenty secure, especially if you link it against
> libwrap, as any sane distro should these days. (Debian, for
> instance. All of the BSDs as well.) It won't give mounts to people
> you don't explicitly tell it to, and I certainly have heard about
> any currently-running nfsd exploits. Have you?

        Currently running, no.  But there is a LONG history of not just 
that, but also lower level exploits using buffer overruns and other 
unexpected behaviors in the file system mounter.


> If you're concerned about clear text data, you'll have to justify
> the overhead of encryption of network file system access over an
> internal network. The right place to protect that is at the border,

        Or at the stream level by using something like a VPN/SSH-tunnel.


> Anyway, your solution isn't one; Samba's "encryption" is a joke. (A
> joke who's punchline is "RC4!")

        No argument here!


> >          CIFS/SMB good (even if it was designed in Redmond)...
>
> That's totally insane. These are two Unix systems. Why should they
> use a network file system designed for Win32?

        Because the one "designed for Unix" is old and decrepit and in 
MAJOR need of modernization (hence the work on NFS 3)...


> If anything, AFS should replace NFS here. (And it *is* pretty well
> designed.)

        Or AFP/IP, if you really want something modern with security 
issues taken into account.


Leonard


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug