Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!zombie.ncsc.mil!paladin.american.edu!gatech!news.mathworks.com!newsfeed.internetmci.com!news.sprintlink.net!in2.uu.net!polstra!not-for-mail
From: jdp@polstra.com (John Polstra)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: More Questions Re: NFS install problem (2.0.5R)
Date: 25 Aug 1995 14:08:54 -0700
Organization: Polstra & Co., Seattle, WA
Lines: 60
Message-ID: <41le56$gpo@seattle.polstra.com>
References: <40ul40$n2i@muenchen.photogrammetrie.de> <41cpmr$4pk@seattle.polstra.com> <41f8ht$612@bonnie.tcd-dresden.de> <41go8u$3h7@park.uvsc.edu>
NNTP-Posting-Host: seattle.polstra.com

In article <41go8u$3h7@park.uvsc.edu>,
Terry Lambert <terry@cs.weber.edu> wrote:
> j@bonnie.heep.sax.de (J Wunsch) wrote:
> ]
> ] John Polstra <jdp@polstra.com> wrote:
> ]
> ] (Use reserved port for NFS.)
> ]
> ] >I'm curious ... why is this even an option? Why not simply *always* use a
> ] >privileged port for NFS during the install? That should work with any
> ] >NFS server.
> ]
> ] Since the idea behind it is, ähem, braindead (and only used by Sun).
>
> What J"org means is that in most cases it's not necessary, it
> doesn't actually enhance security, and you have a finite number
> of privileged ports you can use before you run out.
>
> So you don't want to burn one unnecessarily unless you have to
> (ie: you are talking to a Sun machine).

Oh, come on! There are 1023 reserved ports available. You don't run
out until you're using all 1023 at the same time. We're talking about
installation time! There most likely isn't even one other reserved
port being used, let alone 1023.

> it doesn't actually enhance security

Presumably, that's why J"org called it "braindead." But, listen, it
DID enhance security at the time Sun invented NFS. Back then, systems
on the net were centrally administered, and it was a lot harder to get
a privileged port. If somebody connected to you from a privileged
port, you could be a little more confident that they were who they said
they were. Granted, the idea no longer is effective. But at the time,
it was the de facto standard "easy" way of getting a little security
for your networked machines. It's not really fair to call it
"braindead."

Again, I ask, why does the user have to make a choice about this? You
can either use a privileged port, or not. If you use a privileged
port, you can talk to any kind of NFS server. If you don't, you can
talk to only _some_ NFS servers. There is no extra cost associated
with using a privileged port. So why burden the poor confused user
with a decision that he really doesn't need to make?

Look, this issue really isn't very important to me. There are larger
issues in my life. I don't care whether the option is there or not. I
only asked about it out of curiosity. It would have been fine with me
if the answer had been, "Just because." But please, don't try to hand
me a technical argument which you must realize is completely bogus.

Besides ... I love FreeBSD! The installation package is great. It
came up on my system without a hitch. It's been absolutely rock-solid
ever since. The developers / maintainers have done a fantastic service
to us all. Thanks!
--
   John Polstra                                 jdp@polstra.com
   John D. Polstra & Co., Inc.                  Seattle, Washington USA
   "Self-knowledge is always bad news."         -- John Barth
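
The reserved-port check discussed in this thread, as an added example that is not part of the original post or of any NFS implementation: a loopback UDP model of a server that may require a source port below 1024 and a client that may try to bind one. The names `server_accepts`, `bind_reserved` and `mount_attempt` are hypothetical, the request payload is constructed, and the 1023-down-to-512 search is the range rresvport(3) uses.

```python
import errno
import socket

IPPORT_RESERVED = 1024  # ports below this need privilege on a classic Unix host

def server_accepts(src_port, require_reserved):
    """Server-side policy: the only thing inspected is the peer's source port."""
    return (not require_reserved) or (0 < src_port < IPPORT_RESERVED)

def bind_reserved(sock, host="127.0.0.1"):
    """Search 1023 down to 512 for a free reserved port. Returns the port
    bound, or None when the OS refuses because the caller is unprivileged."""
    for port in range(IPPORT_RESERVED - 1, 511, -1):
        try:
            sock.bind((host, port))
            return port
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                continue          # taken, try the next one down
            if exc.errno in (errno.EACCES, errno.EPERM):
                return None       # no privilege, so no reserved port
            raise
    return None

def mount_attempt(want_reserved, require_reserved):
    """Send one request over loopback; returns (client_port, accepted)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        srv.bind(("127.0.0.1", 0))
        srv.settimeout(2)
        if not (want_reserved and bind_reserved(cli)):
            cli.bind(("127.0.0.1", 0))   # ordinary ephemeral port
        cli.sendto(b"constructed mount request", srv.getsockname())
        _, (_, src_port) = srv.recvfrom(64)
        return src_port, server_accepts(src_port, require_reserved)
    finally:
        srv.close()
        cli.close()

if __name__ == "__main__":
    # Client choice x server policy: only "ephemeral client, strict server" fails.
    for want in (False, True):
        for require in (False, True):
            print(f"client_reserved={want} server_requires={require} ->",
                  mount_attempt(want, require))
```

The check proves only that the sending host's kernel let the process bind a low port, so it carries weight only where the server can trust whoever holds root on every client.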