From owner-freebsd-security Wed Mar 12 07:31:00 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id HAA19532 for security-outgoing; Wed, 12 Mar 1997 07:31:00 -0800 (PST) Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id HAA19080; Wed, 12 Mar 1997 07:25:37 -0800 (PST) Received: by halloran-eldar.lcs.mit.edu; (5.65v3.2/1.1.8.2/19Aug95-0530PM) id AA18864; Wed, 12 Mar 1997 10:25:11 -0500 Date: Wed, 12 Mar 1997 10:25:11 -0500 From: Garrett Wollman Message-Id: <9703121525.AA18864@halloran-eldar.lcs.mit.edu> To: Guido van Rooij Cc: freebsd-security@freebsd.org, core@freebsd.org Subject: Re: NFS security issue... In-Reply-To: <199703121303.OAA19396@gvr.win.tue.nl> References: <19970312011954.205.qmail@char-star.rdist.org> <199703121303.OAA19396@gvr.win.tue.nl> Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk < said: >> Once we know how to do that, the change to sys/nfs/nfs_socket.c to check >> privileged ports if "net.inet.nfs.secure" is on is trivial, and can be >> committed and tested immediately. >> > Well it is really straightforwrad to do. In fact I had it lying around. Except, of course, that it doesn't belong under net, it belongs under [v]fs.nfs. At this point, you may want to fix P-HK's breakage of sysctl variables for LKM filesystems. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick