On Wed, 19 Mar 2008, Pat Riehecky wrote:
Don't use NFS. It is trivial to compromise the security of NFS - you simply need root on something, set your IP and su as needed. If the tactic is not clear poke me off list. NFS is never the answer outside of the data center.
Let's not unfairly slag off NFS here. Yes, NFS when configured to use AUTH_SYS trusts the client machine. But if you used krb5 with nfs it's a whole different ball game. Yes it's often not used in that way, but it worked with NFSv3, and it works with NFSv4. There are far cleverer criticisms you can have of NFSv3 than that. jh -- "An occupation is wrong, building a wall around these people is wrong, shooting children for throwing stones is wrong, stealing peoples land is wrong - that's not very complicated at all" -- Norman Finklestein -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
