Re: [DNG] NFS: was mounting /usr
On Wed, Dec 06, 2017 at 09:04:39PM +, Simon Hobson wrote: > Yevgeny Kosarzhevsky wrote: > > > Ok but this is not about NFS but about any FS that can be accessed over > > network. > > It may help to point out something that I didn't spot when I first came > across NFS. > > With SMB, AFS, FSoverSSH, etc, etc, etc the client authenticates to the > server as a specific user - and then the files accessible by that user are > available to the client (depending on setup, they may be accessible onto to > the one user, or to many users). > So if you have a multi-user client host, each user would need their own > mountpoint to a shared server - with access controls applied on the server > side. > > NFS is completely different. > The client mounts a share, and IIRC there is no authentication possible at > all - at least in earlier versions, not sure if it got added in later > versions. Once the client has mounted the share, it takes responsibility for > controlling access to the files. > So when user id 1234 tries to access a file, the client host applies the > permissions as though it was a local disk and allows or denies the access > accordingly. It should be fairly obvious that if you can't trust the client > host (ie be sure that user ID 1234 is really John Smith from Accounting) then > you have no security. What I missed when I used NFS ws an ability to remap user ID's between client and server. You got it for root, and root only -- as if access to root permissions is the only restriction that is relevant for security. Everyone that needed root access on any of the family's machines had it anyway. We needed to protect against accidents rather than attacks. -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Le 06/12/2017 à 23:20, Steve Litt a écrit : On Tue, 5 Dec 2017 01:14:12 -0800 Rick Moen wrote: How NFS mount will make your system less secure? I'm not going to argue. Study NFS. In that case, what about running Samba Server on a Linux box, running Samba clients on another, and having all shares on the Samba Server only allow members of certain groups? Would that be any more secure than NFS? AFAIR, this describes pretty much NFSv4. Very different of previous versions. Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
On Wed, 6 Dec 2017 16:20:59 -0800 Rick Moen wrote: > Quoting Steve Litt (sl...@troubleshooters.com): > > > On Tue, 5 Dec 2017 01:14:12 -0800 > > Rick Moen wrote: > > > > > > How NFS mount will make your system less secure? > > > > > > I'm not going to argue. Study NFS. > > > > In that case, what about running Samba Server on a Linux box, > > running Samba clients on another, and having all shares on the > > Samba Server only allow members of certain groups? > > The most obvious disadvantage is that the permission/ownership model > for SMB is rather different. > https://www.samba.org/samba/docs/using_samba/ch09.html > https://www.cyberciti.biz/tips/how-do-i-set-permissions-to-samba-shares.html > > It would be... interesting, but you wouldn't like it. > If you are going to quote something, quote something that is current: https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs Rowland ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Quoting Steve Litt (sl...@troubleshooters.com): > On Tue, 5 Dec 2017 01:14:12 -0800 > Rick Moen wrote: > > > > How NFS mount will make your system less secure? > > > > I'm not going to argue. Study NFS. > > In that case, what about running Samba Server on a Linux box, running > Samba clients on another, and having all shares on the Samba Server > only allow members of certain groups? The most obvious disadvantage is that the permission/ownership model for SMB is rather different. https://www.samba.org/samba/docs/using_samba/ch09.html https://www.cyberciti.biz/tips/how-do-i-set-permissions-to-samba-shares.html It would be... interesting, but you wouldn't like it. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
On Tue, 5 Dec 2017 01:14:12 -0800 Rick Moen wrote: > > How NFS mount will make your system less secure? > > I'm not going to argue. Study NFS. In that case, what about running Samba Server on a Linux box, running Samba clients on another, and having all shares on the Samba Server only allow members of certain groups? Would that be any more secure than NFS? And yes, I am aware of the irony of my asking this question, but it's been a long, long time, and things have changed and I've forgotten. SteveT Steve Litt December 2017 featured book: Thriving in Tough Times http://www.troubleshooters.com/thrive ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Yevgeny Kosarzhevsky wrote: > Ok but this is not about NFS but about any FS that can be accessed over > network. It may help to point out something that I didn't spot when I first came across NFS. With SMB, AFS, FSoverSSH, etc, etc, etc the client authenticates to the server as a specific user - and then the files accessible by that user are available to the client (depending on setup, they may be accessible onto to the one user, or to many users). So if you have a multi-user client host, each user would need their own mountpoint to a shared server - with access controls applied on the server side. NFS is completely different. The client mounts a share, and IIRC there is no authentication possible at all - at least in earlier versions, not sure if it got added in later versions. Once the client has mounted the share, it takes responsibility for controlling access to the files. So when user id 1234 tries to access a file, the client host applies the permissions as though it was a local disk and allows or denies the access accordingly. It should be fairly obvious that if you can't trust the client host (ie be sure that user ID 1234 is really John Smith from Accounting) then you have no security. So NFS is good where you want lots of users to access a shared set of storage AND you have control of all the client hosts AND you have a means of keeping the users in sync. You only need one share/mount and all your users can access it using the normal Unix file permissions model. It obviously doesn't work when a client is not a system that really understands multiple users, or you can't control user IDs. So you can probably now see why many people consider NFS to be rather insecure - you HAVE to trust the client to apply file permissions correctly. As I'd learned networking on single user systems (a bit of Netware, a bit of Windows 3.1 and onwards, Macs from early days) I was used to the "user sits at machine, authenticates to server, server applies access controls" model. It needed someone to point out to me what the difference was with NFS before it made sense. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I have configured everything needed to boot using PXE using NFS as root-filesystem at home some months ago: http://dpa.li/pxeboot.mp4 I export the root filesystem of an lxc container read only using NFS. It's really convenient, I can install and remove anything I want in my lxc container, and all Systems I booted using PXE will have the new programs immediately. At the same time, the PCs can't make any changes on the root file systems. But I don't actually use it, I just created that system because I can. I guess it would be pretty useful for large companies, if it weren't so slow and insecure. I don't think I could use kerberos in that case, but even if I could, I wouldn't want to use it. It's just so overcomplicated, if I could just use it over TLS or SSH directly, without any tricks, it would be so much easier. I don't even need encryption in my case, a simple way to check if the datas came from the correct place and weren't altered would be sufficient, but the only thing there is to secure NFS is kerberos, the same thing used to secure all MS stuff, the thing best used together with Active Directory, I don't like that. I think what NFS really needs now are simpler alternatives to kerberos. But I don't think mounting just /usr using NFS is a good idea, not because of NFS, but because it's technically a removable media, it may not always be there, even worse, in this case, it may be used and changed by other machines. I think the main problem here is that the current package managers can't handle installing some parts of a software on a removable media. It would be cool to be able to just install some software on some usb sticks or something, and to add and remove them when the software is needed, without the package manager and possibly the rest of the system freaking out. -BEGIN PGP SIGNATURE- iQFIBAEBCAAyFiEEZT8xKpcJ1eXNKSM1cASjafdLVoEFAlooKZYUHG1lQGRhbmll bGFicmVjaHQuY2gACgkQcASjafdLVoH2DAf+MBqFuxsQC7AN2jaUW4s4QAZchZma We2qXOd9x/zoeN15/Mt/pmTviYS0u3H9LGZAApmXEkk/mwXw1rYgmhQdV8XmtRgE YOP3cbzfqlRb3YJlKmW53wLMupZr9/FmO3YIpQyaBx2ZkWxF1HRTUCwYFapQJ+l4 0oRZMiX/bKIDbJckiCkKNkeyPHjR74SNsb722G5i7UiaS9wQ/AeZkjNGQbXTt3Zw 9H9lwz4Erf5LLVL//6Smp/mRqBHLYU4iCG2TYZo4YlSDkioFnqLmBrhQQlL/JqDU jkBQrRQY2Y9W7JsBGUwr33TS9ASAVGBhAJgnyf1hJfuxl7+GZcn6Hdih9Q== =1hmx -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Le 06/12/2017 à 12:55, Alessandro Selli a écrit : On Wed, 6 Dec 2017 at 19:03:51 +0800 Yevgeny Kosarzhevsky wrote: On 6 December 2017 at 06:54, Alessandro Selli wrote: Any good reason to refuse NFS in favor of those? In short: no. Just be aware that NFS is as secure as the trusted networks it sits on. Any inside compromised machine can jeopardize the whole distributed filesystem. Ok but this is not about NFS but about any FS that can be accessed over network. Not quite. NFS up to and including version 3 is plagued by serious security weaknesses: lack of transmission security (data is transmitted unencrypted over the network), lack of integrity (no check on the transmitted and received data is performed at the session level, and NFS v3 is often run over UDP) and lack of user authentication/mapping. Most of these security concerns are addressed by NFSv4, which for the first time supports POSIX ACLs, RPC over port 2049 alone, authentication and encryption with built-in integrity checks. However this way you lose the main advantage of old NFS, that is network efficiency, that was due to the use of UDP as the transmission protocol. I am not seeing any danger with NFS especially for /usr or some volatile data storage used by several systems. I agree as long as you're using NFSv4 with good cryptography and user authentication enabled and firewall rules that keep out all machines that are not of the party. I would only consider NFSv3 for real-time critical uses when I can have NFS run on a private, dedicated network that was physically inaccessible by any third party. Or when I can have it run through a tunnel. NFS is one of Linux base features and I am glad I found understanding of it's importance from Devuan developers together with mountable /usr over NFS. I tend to agree, but I do mind it's complexity and I only deploy it when I need a permament distributed filesystem between machines in the same private network. And even then I never use it through WiFi connections. For all other uses I go for sshfs. My last deployment of NFS was on a DRBL test system, where I was using NFSv3 from a server that was delivering it from a physically separated, cabled network. UDP and lack of cryptography were a boon for the old PentiumIII clients, but I do not recommend such a layout for anything serious. As I understood, when someone says about NFS usage, most people get thinking that the one is going to expose it in internet to any host. Even in a private environment NFSv3 can lead to data sniffing/spoofing. Consider how widespread is the use of DSL modems and routers through which all data exchanged by the local machines goes, as well as the presence of WiFi APs. Anything that is not secured by good cryptography, user authentication and solid firewall rules is a security liability in such an environment. Last time I set up such an NFS service, I found NFSV4 overcomplicated and with a different paradigm wrt the good old NFS. I also got the feeling it had been hijacked by MS, and I chose NFSv3, much simpler and familiar. It is in a network which interconnects privately a few hosts sitting in the same room. Why would there be any DSL, wifi or what-else connected to this network? Most servers come with multiple NICs and connecting them with a private network is easy. The NICs on servers are automatically reversible (server/host), so that you can interconnect two servers with just one normal ethernet cable. When there are more, you need a switch and that's all. I always configure NFS to use TCP. I don't know what impact it has on performance. What is essential and tricky is to separate what is shared between hosts and what isn't. Clearly /run and part of /var/lib must not be shared. On diskless machines, I mount /run on tmpfs and use a symlink trickery crossing /run, to unshare some parts of /var/lib, such as hwclock, ntp, and urandom. And, of course, all syslogs are forwarded to a remote server. Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
On Wed, 6 Dec 2017 at 12:09:43 +0100 Didier Kryn wrote: > Le 06/12/2017 à 11:53, Alessandro Selli a écrit : >> On Wed, 6 Dec 2017 at 11:38:25 +0100 >> Didier Kryn wrote: >> >>> Le 05/12/2017 à 23:54, Alessandro Selli a écrit : On 05/12/2017 at 11:46, Yevgeny Kosarzhevsky wrote: [...] > Any good reason to refuse NFS in favor of those? In short: no. Just be aware that NFS is as secure as the trusted networks it sits on. Any inside compromised machine can jeopardize the whole distributed filesystem. >>> BTW, there's nothing secret in /usr. >>But you would mind a rogue node serving an NFS client of yours a >> malicious binary executable or library in place of the original one, >> wouldn't you? Privacy is just one, not the sole security concern. >> Integrity is, too. > > Sure. Lock the room :-) I just lock the network. Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
On Wed, 6 Dec 2017 at 19:03:51 +0800 Yevgeny Kosarzhevsky wrote: > On 6 December 2017 at 06:54, Alessandro Selli > wrote: > >> >> > Any good reason to refuse NFS in favor of those? >> >> In short: no. Just be aware that NFS is as secure as the trusted networks >> it >> sits on. Any inside compromised machine can jeopardize the whole >> distributed >> filesystem. >> > > Ok but this is not about NFS but about any FS that can be accessed over > network. Not quite. NFS up to and including version 3 is plagued by serious security weaknesses: lack of transmission security (data is transmitted unencrypted over the network), lack of integrity (no check on the transmitted and received data is performed at the session level, and NFS v3 is often run over UDP) and lack of user authentication/mapping. Most of these security concerns are addressed by NFSv4, which for the first time supports POSIX ACLs, RPC over port 2049 alone, authentication and encryption with built-in integrity checks. However this way you lose the main advantage of old NFS, that is network efficiency, that was due to the use of UDP as the transmission protocol. > I am not seeing any danger with NFS especially for /usr or some volatile > data storage used by several systems. I agree as long as you're using NFSv4 with good cryptography and user authentication enabled and firewall rules that keep out all machines that are not of the party. I would only consider NFSv3 for real-time critical uses when I can have NFS run on a private, dedicated network that was physically inaccessible by any third party. Or when I can have it run through a tunnel. > NFS is one of Linux base features and I am glad I found understanding of > it's importance from Devuan developers together with mountable /usr over > NFS. I tend to agree, but I do mind it's complexity and I only deploy it when I need a permament distributed filesystem between machines in the same private network. And even then I never use it through WiFi connections. For all other uses I go for sshfs. My last deployment of NFS was on a DRBL test system, where I was using NFSv3 from a server that was delivering it from a physically separated, cabled network. UDP and lack of cryptography were a boon for the old PentiumIII clients, but I do not recommend such a layout for anything serious. > As I understood, when someone says about NFS usage, most people get > thinking that the one is going to expose it in internet to any host. Even in a private environment NFSv3 can lead to data sniffing/spoofing. Consider how widespread is the use of DSL modems and routers through which all data exchanged by the local machines goes, as well as the presence of WiFi APs. Anything that is not secured by good cryptography, user authentication and solid firewall rules is a security liability in such an environment. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Le 06/12/2017 à 11:53, Alessandro Selli a écrit : On Wed, 6 Dec 2017 at 11:38:25 +0100 Didier Kryn wrote: Le 05/12/2017 à 23:54, Alessandro Selli a écrit : On 05/12/2017 at 11:46, Yevgeny Kosarzhevsky wrote: [...] Any good reason to refuse NFS in favor of those? In short: no. Just be aware that NFS is as secure as the trusted networks it sits on. Any inside compromised machine can jeopardize the whole distributed filesystem. BTW, there's nothing secret in /usr. But you would mind a rogue node serving an NFS client of yours a malicious binary executable or library in place of the original one, wouldn't you? Privacy is just one, not the sole security concern. Integrity is, too. Sure. Lock the room :-) Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
On 6 December 2017 at 06:54, Alessandro Selli wrote: > > > Any good reason to refuse NFS in favor of those? > > In short: no. Just be aware that NFS is as secure as the trusted networks > it > sits on. Any inside compromised machine can jeopardize the whole > distributed > filesystem. > Ok but this is not about NFS but about any FS that can be accessed over network. I am not seeing any danger with NFS especially for /usr or some volatile data storage used by several systems. NFS is one of Linux base features and I am glad I found understanding of it's importance from Devuan developers together with mountable /usr over NFS. As I understood, when someone says about NFS usage, most people get thinking that the one is going to expose it in internet to any host. -- Regards, Yevgeny ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
On Wed, 6 Dec 2017 at 11:38:25 +0100 Didier Kryn wrote: > Le 05/12/2017 à 23:54, Alessandro Selli a écrit : > > On 05/12/2017 at 11:46, Yevgeny Kosarzhevsky wrote: > > > > [...] > > > >> Any good reason to refuse NFS in favor of those? > > In short: no. Just be aware that NFS is as secure as the trusted networks > > it sits on. Any inside compromised machine can jeopardize the whole > > distributed filesystem. > BTW, there's nothing secret in /usr. But you would mind a rogue node serving an NFS client of yours a malicious binary executable or library in place of the original one, wouldn't you? Privacy is just one, not the sole security concern. Integrity is, too. Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Le 05/12/2017 à 23:54, Alessandro Selli a écrit : On 05/12/2017 at 11:46, Yevgeny Kosarzhevsky wrote: [...] Any good reason to refuse NFS in favor of those? In short: no. Just be aware that NFS is as secure as the trusted networks it sits on. Any inside compromised machine can jeopardize the whole distributed filesystem. BTW, there's nothing secret in /usr. Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
On 05/12/2017 at 11:46, Yevgeny Kosarzhevsky wrote: [...] > Any good reason to refuse NFS in favor of those? In short: no. Just be aware that NFS is as secure as the trusted networks it sits on. Any inside compromised machine can jeopardize the whole distributed filesystem. Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
On 5 December 2017 at 18:16, Arnt Gulbrandsen wrote: > Yevgeny Kosarzhevsky writes: > >> I don't see that it will give lower security than any other FS in this >> case. >> > > Rick is trying to say: NFS has a poor reputation for accidental security > misconfigurations. Something about the way NFS is configured leads even > careful, clueful people to make configuration mistakes. > > NFS doesn't force you to make a mistake. Not at all. It just has a > reputation for being a bit of a trouble magnet. > > Don't Xen and its friends offer read-only device exports from the host? So > the the guest kernel can read a device from the host, but not modify it? > What is the reason to use it instead of NFS, especially if you run multiple hardware units? It will also need special utilities and won't work without some guest additions. Any good reason to refuse NFS in favor of those? -- Regards, Yevgeny ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Yevgeny Kosarzhevsky writes: I don't see that it will give lower security than any other FS in this case. Rick is trying to say: NFS has a poor reputation for accidental security misconfigurations. Something about the way NFS is configured leads even careful, clueful people to make configuration mistakes. NFS doesn't force you to make a mistake. Not at all. It just has a reputation for being a bit of a trouble magnet. Don't Xen and its friends offer read-only device exports from the host? So the the guest kernel can read a device from the host, but not modify it? Arnt ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Quoting Yevgeny Kosarzhevsky (phao...@gmail.com): > For me NFS is helpful in cluster environments where each machine is a > replica of another one and they share the same data. It's terrific for that. I used to construct HPC clusters of that general description when I worked at VA Linux Systems and at California Digital Corporation, both of those being Linux hardware vendors. Your HPC clusters would of course live on a protect inside network. Part of the reason for that is that NFS is a bit of a security risk. > I don't see that it will give lower security than any other FS in this case. OK, I believe you. You don't see it. But I'm still not going to spend time arguing. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
On 5 December 2017 at 17:14, Rick Moen wrote: > > By 'nougat security model', I meant a network security model that is > fragile because of having no defence in depth, highly vulnerable in the > interior and defended only at the borders. This is a very widespread > problem, e.g., at many corporations that have total faith in their > firewalls and horribly dangerous practices behind it. > Thanks but you are talking about another case of NFS appliance which I did not consider. For me NFS is helpful in cluster environments where each machine is a replica of another one and they share the same data. I don't see that it will give lower security than any other FS in this case. And the ability export /usr in r/o mode will give higher security than local /usr mount. -- Regards, Yevgeny ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Quoting Yevgeny Kosarzhevsky (phao...@gmail.com): > I don't know what's a 'nougat' security model, however I don't > understand what you mean. This was a semi-serious, semi-joke reference: Honestly, 'nougat' (orig. from the Latin 'nux' meaning nut, arriving in English via Occitan and then French) might not have been exactly the right English-language word, but I meant a type of confection with a hard shell and a very soft interior. (I'm not much of a sweets person.) By 'nougat security model', I meant a network security model that is fragile because of having no defence in depth, highly vulnerable in the interior and defended only at the borders. This is a very widespread problem, e.g., at many corporations that have total faith in their firewalls and horribly dangerous practices behind it. The use of NFS is arguably reasonable behind perimeter security, but should be noted as somewhat of a weak point within the inside network. As I was saying upthread, NFSv4 has improved this situation somewhat over its predecessors. > How NFS mount will make your system less secure? I'm not going to argue. Study NFS. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
On 5 December 2017 at 14:21, Rick Moen wrote: > Quoting Didier Kryn (k...@in2p3.fr): > > > the NFS connection across the world-wide Internet; it is always on a > > LAN and, given this, I don't see how it can be insecure. > ^^ > Ah, the 'nougat' model of security; hard on the exterior only, soft and > easily digestible once you get inside. Bon appetit! I don't know what's a 'nougat' security model, however I don't understand what you mean. If you get in the system with local /usr you can write there with root access. How would you write to read-only /usr mount in the same case? How NFS mount will make your system less secure? ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Quoting Didier Kryn (k...@in2p3.fr): > I heard that YP aka NIS was a horrible security threat. NFS is > certainly not very secure either. But nobody considers establishing > the NFS connection across the world-wide Internet; it is always on a > LAN and, given this, I don't see how it can be insecure. ^^ Ah, the 'nougat' model of security; hard on the exterior only, soft and easily digestible once you get inside. Bon appetit! ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Quoting k...@aspodata.se (k...@aspodata.se): > Sun's Yellow Pages is called NIS since a long time ago. And NIS is lately spelled 'LDAP'. ;-> NFSv4 is better and less gratuitously firewall-hostile than versions in days of yore. I still would carefully avoid exposing any NFS (what we traditionally called Nightmare File System, No Friggin' Security) to public networks. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Le 04/12/2017 à 20:30, Steve Litt a écrit : Back in my youth, the wise men told me that NFS was a horrible security threat unless you also used YP, which was too sophisticated for me to ever figure out. So these days I use sshfs, which is nice, but slower than a turtle dragging a railroad engine. Is NFS still a security problem? Does it still have that issue where you never knew what port it would listen on? Do you still need YP,and is YP as monumentally difficult as I remember it being? Are a lot of you using NFS? Do you feel safe doing so? I heard that YP aka NIS was a horrible security threat. NFS is certainly not very secure either. But nobody considers establishing the NFS connection across the world-wide Internet; it is always on a LAN and, given this, I don't see how it can be insecure. Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
On 5 December 2017 at 03:30, Steve Litt wrote: > > Are a lot of you using NFS? Do you feel safe doing so? > Yes it happens in trusted networks. I don't see any additional security threat in this case. I also use it in some multiple virtual machines setup to minimize hard drive usage. It's also can be considered as trusted environment. -- Regards, Yevgeny ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Steve Litt writes: It appears you're using NFS. Back in my youth, the wise men told me that NFS was a horrible security threat unless you also used YP, which was too sophisticated for me to ever figure out. That's a long time ago and the world has changed. Back then, the big problem was that people used "world-readable" and even "world-writable" settings, then then the world turned out to be a big place. Someone with UID 1026 somewhere could come along and read/write all the files belonging to the intended UID 1026. I remember NFS-mounting someone's file systems on another continent and snarfing ungodly amounts of porn, it must have been in 1990 or 1991. The world has changed. Packet filters and firewalls are now the default. The risk that someone can come and impersonate UID 1026 isn't a major factor these days. Arnt ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Steve Litt wrote: > Back in my youth, the wise men told me that NFS was a horrible security > threat unless you also used YP, which was too sophisticated for me to > ever figure out. So these days I use sshfs, which is nice, but slower > than a turtle dragging a railroad engine. > > Is NFS still a security problem? Does it still have that issue where > you never knew what port it would listen on? Do you still need YP,and > is YP as monumentally difficult as I remember it being? > > Are a lot of you using NFS? Do you feel safe doing so? At my last place I used NFS to share a mailstore between several mail servers - no problems. It was quite a few years ago that I set it up, and I no longer have access to the systems since they made me redundant, but I'm sure I nailed it down to fixed ports. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] NFS: was mounting /usr
Steve Litt: > On Mon, 4 Dec 2017 23:12:59 +0800 > Yevgeny Kosarzhevsky wrote: ... > > ~# ldd /sbin/mount.nfs|grep usr > > It appears you're using NFS. > > Back in my youth, the wise men told me that NFS was a horrible security > threat unless you also used YP, which was too sophisticated for me to > ever figure out. So these days I use sshfs, which is nice, but slower > than a turtle dragging a railroad engine. Suns yellow pages is called nis since long time ago. > Is NFS still a security problem? NFS security model treated hosts, network and root as trusted, which doesn't match the reality today. Maybe nfs v4 and kerberos solves part of the problems. If you don't trust the network, perhaps running it over a tunnel will help. > Does it still have that issue where you never knew what port it > would listen on? You use portmap for that. > Do you still need YP,and is YP as monumentally difficult as I > remember it being? I don't think you ever needed nis. If you want help with nis, please ask on the list. > Are a lot of you using NFS? Do you feel safe doing so? It happens, not regulary. Regards, /Karl Hammar --- Aspö Data Lilla Aspö 148 S-742 94 Östhammar Sweden +46 173 140 57 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng