Date: Fri, 15 Nov 1996 18:42:49 -0500 (EST) From: Adam Shostack <adam@homeport.org> To: marck@pluscom.cronyx.ru (Dmitry Morozovsky) Cc: freebsd-security@freebsd.org Subject: Re: NFS Server, is it secure? Message-ID: <199611152342.SAA29894@homeport.org> In-Reply-To: <199611151516.SAA07972@pluscom.cronyx.ru> from Dmitry Morozovsky at "Nov 15, 96 06:16:53 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Dmitry Morozovsky wrote: | Mark Newton wrote: | > Well, yes -- NFS is basically never "secure" on any platform. The | > NFS protocol was never designed with security in mind. | | > If you know (or can guess) the NFS filehandle for an NFS filesystem | > root then you can spoof the protocol for a start. | | > Firewall your NFS server: Its services should not be reachable from | > the Internet-at-large. | | Is NFS server with no exports with write permissions vulnerable too? It depends if you're keeping confidential information on the server. But if you're going to export it read only, might as well put it on the web. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611152342.SAA29894>