Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!news.mira.net.au!news.mel.connect.com.au!munnari.OZ.AU!news.ecn.uoknor.edu!solace!nntp.uio.no!news.cais.net!news.mathworks.com!newsfeed.internetmci.com!in1.uu.net!news.artisoft.com!usenet
From: Terry Lambert <terry@lambert.org>
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Can FreeBSD mount Netbeui volumes?
Date: Sat, 11 May 1996 14:58:52 -0700
Organization: Me
Lines: 42
Message-ID: <31950D9C.15C6228A@lambert.org>
References: <postmaster-0905961001120001@206.65.200.5> <319404CD.33E93F68@lambert.org> <4n1urr$rjj@uriah.heep.sax.de>
NNTP-Posting-Host: hecate.artisoft.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 2.01 (X11; I; Linux 1.1.76 i486)

J Wunsch wrote:
]
] Terry Lambert <terry@lambert.org> wrote:
]
] > Linux supports mounting remote shares as a file system as well
] > -- with system level security, which is a big, big security
] > hole.  FreeBSD doesn't, not because it isn't possible, but
] > because of the security considerations.
]
] To be fair: And because nobody got round to implement it.

I ported the smbclient code as an FS a while ago.  It's almost
trivial -- mostly grunt work and interface pounding, really.

But the security model in BSD (and UNIX, in general) needs to
change for it to be practical for anything but single user
machines not offering authentication services (telnet/rlogin/ftp/
http/gopher/nfs/etc.).

] However, the security considerations are to be taken seriously.
] I could however think of a model where an SMB file system can
] be used to access all the services marked `public'.

You could, but it redefines public from meaning "accessible to
any authenticated user" to meaning "accessible to any user,
authenticated or not".

Because the UNIX box would authenticate once and could credential
gateway by proxy any user from the internet or dialup lines onto
the thing.

Which violates the credential model in SMB (which doesn't support
the concept "proxy").

Any time you start permitting proxy when "emulating" a DOS client
to a network server (LANMan, NetWare, ATP, etc.), you break
security.


                                        Terry Lambert
                                        terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
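
The "authenticate once, then gateway by proxy" problem described in the post above, as an added toy model that is not part of the original posting or of any smbclient/FreeBSD code. All class names, accounts and passwords are constructed, and the per-user variant is only an assumption about what a changed model could look like.

```python
# Toy model, added for illustration; every name and credential is constructed.
class SmbServer:
    def __init__(self, accounts, shares):
        self.accounts = accounts   # account -> password
        self.shares = shares       # share -> {path: data}
        self.audit = []            # accounts as the server sees them
    def session_setup(self, account, password):
        if self.accounts.get(account) != password:
            raise PermissionError("logon failure")
        return account             # session is bound to this one account
    def read(self, session, share, path):
        # "public" share: readable by any *authenticated* session
        self.audit.append(session)
        return self.shares[share][path]

class SystemMount:
    """One session set up at mount time; every local user rides on it."""
    def __init__(self, server, account, password, share):
        self.server, self.share = server, share
        self.session = server.session_setup(account, password)

    def read(self, local_user, path):
        # local_user is never shown to the server: the box acts as proxy
        return self.server.read(self.session, self.share, path)

class PerUserMount:
    """Assumed alternative: each local user needs their own session."""
    def __init__(self, server, share):
        self.server, self.share, self.sessions = server, share, {}
    def login(self, local_user, account, password):
        self.sessions[local_user] = self.server.session_setup(account, password)
    def read(self, local_user, path):
        if local_user not in self.sessions:
            raise PermissionError(f"{local_user}: no SMB credential")
        return self.server.read(self.sessions[local_user], self.share, path)

def demo():
    srv = SmbServer({"unixbox": "m0unt", "alice": "pw"}, {"public": {"readme": "hello"}})
    leaked = SystemMount(srv, "unixbox", "m0unt", "public").read("anonymous-ftp", "readme")
    per_user = PerUserMount(srv, "public")
    per_user.login("alice", "alice", "pw")
    own = per_user.read("alice", "readme")
    try:
        per_user.read("anonymous-ftp", "readme"); denied = False
    except PermissionError:
        denied = True
    return leaked, own, denied, srv.audit

if __name__ == "__main__": print(demo())
```

In the system-level mount the server's audit trail records only the mounting account, so it cannot tell which local user, authenticated or not, actually read the file.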