*BSD News Article 94721



Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.ecn.uoknor.edu!solace!nntp.uio.no!newsfeed.nacamar.de!fu-berlin.de!news.th-darmstadt.de!news.swb.de!monad.swb.de!not-for-mail
From: okir@monad.swb.de (Olaf Kirch)
Newsgroups: comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.misc
Subject: Re: NFS with free bsd and linux
Followup-To: comp.os.linux.networking,comp.unix.bsd.freebsd.misc,comp.unix.bsd.misc
Date: 30 Apr 1997 01:16:39 +0200
Organization: Labordy Cyfrifiadureg Olaf
Lines: 21
Message-ID: <5k5vgn$aio@monad.swb.de>
References: <33658E27.3EAD@them.com> <01bc5478$ca8a4800$f3e94dc2@hugo09.ticsoft.de>
NNTP-Posting-Host: monad.swb.de
X-Newsreader: TIN [UNIX 1.3 950515BETA PL0]
Xref: euryale.cc.adfa.oz.au comp.os.linux.networking:77127 comp.unix.bsd.freebsd.misc:39963 comp.unix.bsd.misc:3118

Patrick M. Hausen (hausen@punkt.de) wrote:
: Use a privileged port for the mount - it's an option to mount(8),
: something like -p or -P or similar.
: Have a look at the manual page, I'm typing this from memory ;-)
: 
: This is a - braindamaged, IMHO - way of Linux, Solaris and some
: other Unices to "enhance security".

You can see from the recent CERT advisory on BSD file handle guessing
that it's not such a bad idea after all to make the server check the
port number. If allowing your users to guess file handles _and_ present
them to the server no questions asked qualifies at all, then it's
for the `braindamaged' category.

While I agree that minimal security is not all we should aim for, it's
definitely better than none at all.

Olaf
-- 
Olaf Kirch         |
okir@monad.swb.de  |  Never trust a guy with a silicon brain.
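
The server-side source-port check discussed in this post, as an added example that is not part of the original article and is not taken from any NFS server's source. The names `export_policy`, `peer_port`, `request_allowed` and `make_peer` are hypothetical, and the peer addresses are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>

/* Hypothetical per-export policy, modelled on a secure/insecure export flag. */
struct export_policy { int require_reserved_port; };

/* Peer source port in host byte order, or -1 for an unknown address family. */
static int peer_port(const struct sockaddr *sa)
{
    switch (sa->sa_family) {
    case AF_INET:  return ntohs(((const struct sockaddr_in *)sa)->sin_port);
    case AF_INET6: return ntohs(((const struct sockaddr_in6 *)sa)->sin6_port);
    default:       return -1;
    }
}

/* Returns 1 if the request may proceed, 0 if it must be rejected. */
int request_allowed(const struct export_policy *pol, const struct sockaddr *sa)
{
    int port = peer_port(sa);
    if (port < 0) return 0;                     /* unknown family: fail closed */
    if (!pol->require_reserved_port) return 1;  /* check disabled for this export */
    /* Without ntohs() a little-endian server would read port 1024 (0x0400)
       as 4 and accept it, so compare in host byte order only. */
    return port > 0 && port < IPPORT_RESERVED;
}

/* Constructed IPv4 peer address for the demo (192.0.2.0/24 is TEST-NET-1). */
struct sockaddr_in make_peer(unsigned short port)
{
    struct sockaddr_in sin = {0};
    sin.sin_family = AF_INET;
    sin.sin_port = htons(port);
    inet_pton(AF_INET, "192.0.2.10", &sin.sin_addr);
    return sin;
}

int main(void)
{
    struct export_policy secure = { 1 };
    unsigned short ports[] = { 1021, 1023, 1024, 40000 };
    for (int i = 0; i < 4; i++) {
        struct sockaddr_in p = make_peer(ports[i]);
        int ok = request_allowed(&secure, (struct sockaddr *)&p);
        printf("port %5u -> %s\n", ports[i], ok ? "accept" : "reject");
    }
}
```

The check only establishes that the request was sent by a process able to bind a reserved port on the client host, so it is a filter against unprivileged users on trusted clients, not authentication of the client itself.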