From owner-freebsd-security  Tue Jan 30 17:38:39 2001
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id A535237B6A0
	for <freebsd-security@FreeBSD.ORG>; Tue, 30 Jan 2001 17:38:21 -0800 (PST)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id UAA58984;
	Tue, 30 Jan 2001 20:38:17 -0500 (EST)
	(envelope-from wollman)
Date: Tue, 30 Jan 2001 20:38:17 -0500 (EST)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200101310138.UAA58984@khavrinen.lcs.mit.edu>
To: Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at>
Cc: freebsd-security@FreeBSD.ORG
Subject: nfsd lacks support for tcp_wrapper
In-Reply-To: <Pine.BSF.4.32.0101302048060.89689-100000@taygeta.dbai.tuwien.ac.at>
References: <Pine.BSF.4.32.0101302048060.89689-100000@taygeta.dbai.tuwien.ac.at>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<<On Wed, 31 Jan 2001 02:10:19 +0100 (CET), Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at> said:

> Or are we just missing something?

A good deal, since NFS has access-control at a higher level built in
to the kernel.  mountd will do the right magic to tell the kernel what
your access-control list is.  (Of course, if someone sniffs your
mount-point file handles you're still toast.)

-GAWollman



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message