On Thu, 7 Nov 2002, Ed Wilts wrote:
> I used 0/0 as an example. If you choose to map source uid/gid of
> 500/500 to local uid/gid 600/600, then you still trust the remote
> system's view of who 500/500 is. root_squash does not help you here.
root_squash and all_squash are mapped automatically to nobody. Sure, you
could override that, but then you can stick a gun barrel in your mouth,
too; doesn't mean it's wise, and the fault doesn't lay with the gun.
If the nobody account does not have privelege, where is the problem? Who
cares if the client claims to be root, or Fred Flintstone? Either way,
they get the priveleges of nobody.
Note that I'm not claiming NFS and RPC are secure. They both have plenty
of problems. But the services can be locked down, and safely made
available in environments where due diligence is maintained.
A well-patched system, with the proper squashing and read-only exports
whenever possible, netgroups properly defined, tcpwrappers properly
configured, and a pro-active system administrator, can run NFS without
getting hacked on a regular basis. It *does* take effort, though, and as
you pointed out, you need to monitor all the NFS-connected systems, and
not just the server.
--
"Whenever I feel blue, I start breathing again."
- Unknown
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
