Kyle McDonald wrote:

>> If you can write to the filesystem, you can create a symlink
>> to point to your own secret stash of trojan-enabled binaries
>> via /net.  In what way is this different?

> I know I always disable /net. Will this re-open an equivalent that I 
> can't disable?

No.  The point [of the follow-on NFS case] is to move the
automounter-based namespace processing to the server, by
use of referrals.  The symlinks will not be usable unless
the key they carry can be looked up in some kind of
infrastructure, e.g. an LDAP server.  If you use the
automounter, you rely on other systems' data correctness
in a comparable way.

Rob T
