From owner-freebsd-security  Wed Nov 24  8:41:55 1999
Delivered-To: freebsd-security@freebsd.org
Received: from norampac.com (norampac.com [207.164.26.36])
	by hub.freebsd.org (Postfix) with SMTP id D1FC61522E
	for <security@FreeBSD.ORG>; Wed, 24 Nov 1999 08:41:33 -0800 (PST)
	(envelope-from pccb@yahoo.com)
Received: from yahoo.com
	([191.1.50.105])
	by HQ1.norampac.com; Wed, 24 Nov 1999 11:40:18 -0500
Message-ID: <383C13F2.D3285A71@yahoo.com>
Date: Wed, 24 Nov 1999 11:36:02 -0500
From: Pierre Chiu <pccb@yahoo.com>
Organization: Norampac Inc.
X-Mailer: Mozilla 4.7 [en] (WinNT; U)
X-Accept-Language: en
MIME-Version: 1.0
To: security@FreeBSD.ORG
Subject: NFS Question
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Just need to clarify something here.

I read some articles that discuss how easy to hack a box running a
mis-config NFS server or exploit some NFS holes.

Based on that, for every new installation, I always enter "NO" for NFS
during installation, and comment out the NFS file system in the kernel
and recompile it.

Now, am I going too far? Or the default installation is already secure?
I don't have the answer and need some input.

These days, a lot of freebsd boxes are standalone and there is no need
to share filesystem with another *unix box. For those guys who need it,
I am pretty sure they knew how to turn this baby on.

Peace =)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message