From owner-freebsd-hackers Tue Oct 24 22:14:13 1995
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id WAA28013 for hackers-outgoing; Tue, 24 Oct 1995 22:14:13 -0700
Received: from tellab5.lisle.tellabs.com (tellab5.lisle.tellabs.com [138.111.243.28]) by freefall.freebsd.org (8.6.12/8.6.6) with SMTP id WAA28006 ; Tue, 24 Oct 1995 22:14:09 -0700
From: mikebo@tellabs.com
Received: from tellabk.tellabs.com by tellab5.lisle.tellabs.com with smtp (Smail3.1.29.1 #4) id m0t7y9X-000jC3C; Wed, 25 Oct 95 00:13 CDT
Received: by tellabk.tellabs.com (4.1/1.9) id AA12294; Wed, 25 Oct 95 00:13:26 CDT
Message-Id: <9510250513.AA12294@tellabk.tellabs.com>
Subject: Re: 2.1.0-951020-SNAP: Major bug in NFS again!
To: davidg@Root.COM
Date: Wed, 25 Oct 1995 00:13:25 -0500 (CDT)
Cc: hackers@freebsd.org, bugs@freebsd.org
In-Reply-To: <199510250338.UAA27854@corbin.Root.COM> from "David Greenman" at Oct 24, 95 08:38:46 pm
X-Mailer: ELM [version 2.4 PL24]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 2852
Sender: owner-hackers@freebsd.org
Precedence: bulk

David G. wrote:
> The client should ignore NFS packets from hosts that it's not talking to or
> doesn't know about, and that's what all 4.4BSD derived OSs do.
>
OK... thanks for pointing this out. It's news to me.

> >I can document this behavior in SunOS, Solaris and HP/UX if it will
> >help strengthen the argument...
>
> This is obviously flamebait and I'm not going to respond to it.
>
I'm merely trying to make a case: that in order to use FreeBSD in a
heterogeneous (business) environment, it needs to work with NFS servers
in the same way as commercial OSes. I didn't know this was a 4.4BSD-ism.

> If you choose not to use my suggested work-around, then I guess you can't
> use FreeBSD.

OUCH! C'mon, is this how things are supposed to work around here?
Your workaround will not work... the routes change on-the-fly!
Just to find out _which_ server interface is currently responding
requires the client admin to do a "netstat -r | grep destination-net"
on the server, and then fix the client system. How do I create an
automounter map or fstab that deals with this? Answer: Can't

> ... For the NFS client, FreeBSD requires that replies to its RPC
> requests come from the same address that they were issued to. ...

I know that in some places such security is a necessity - but it's hard
for me to picture one of my fellow engineers hand-tailoring RPC
calls/replies to hack into a system they can walk up to and reboot
with ... ;v)

I can't dictate major changes in my corporate network to accommodate
what is essentially a hobbyist system. If I can't make it work in that
context, what is the likelihood that this OS will be chosen for anything
serious?

I agree with the spirit in which the change was made, but let's be
practical. If you can't make it work, what good is the security?

> The best I could offer you would be a kernel option to disable this
> security, but I'll say right now that this *won't* be in the 2.1 release.
>
I really appreciate that you would consider doing this! I know of at
least one other site where this is a problem. I take it this could not
simply be an option to mount?

- Mike

PS> I don't want to come off as being grumpy or confrontational. I like
FreeBSD and appreciate all the hard work everyone here does for free.
I've been an advocate of FreeBSD (been running it since 1.1), have a lot
of time invested in it, and it steams me to think that I can't use it!
Sorry for the length of the post.

--
--------------------------------------------------------------------------
Michael Borowiec  -  mikebo@tellabs.com  -  Tellabs Operations Inc.
Senior Member of Technical Staff          4951 Indiana Avenue, MS 63
708-512-8211    FAX: 708-512-7099         Lisle, IL 60532 USA
--------------------------------------------------------------------------
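
The check quoted in the message above ("replies to its RPC requests come from the same address that they were issued to"), sketched as an added example that is not part of the original post and is not FreeBSD's kernel code. The addresses are constructed, `verdict_for` is a demo helper, and `strict_source` is a hypothetical flag standing in for the kernel option mentioned in the thread; the header layout (xid, then msg_type with REPLY = 1) is the standard ONC RPC one.

```c
/* Added example, not FreeBSD kernel code: source-address check on an RPC-over-UDP reply. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { ACCEPT, DROP_SHORT, DROP_NOT_REPLY, DROP_XID, DROP_SOURCE };
struct pending_call { uint32_t xid; struct in_addr sent_to; }; /* one outstanding call */

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* ONC RPC message header: xid (4 bytes), then msg_type (0 = CALL, 1 = REPLY). */
enum verdict check_reply(const struct pending_call *pc, struct in_addr src,
                         const unsigned char *dgram, size_t len, int strict_source)
{
    if (len < 8) return DROP_SHORT;
    if (be32(dgram + 4) != 1) return DROP_NOT_REPLY;
    if (be32(dgram) != pc->xid) return DROP_XID;
    /* strict_source (hypothetical flag): 1 enforces the check, 0 models it being disabled. */
    if (strict_source && src.s_addr != pc->sent_to.s_addr) return DROP_SOURCE;
    return ACCEPT;
}

/* Demo helper: build a minimal reply header for reply_xid and run the check. */
enum verdict verdict_for(const char *sent_to, const char *reply_from,
                         uint32_t call_xid, uint32_t reply_xid, int strict_source)
{
    struct pending_call pc = { .xid = call_xid };
    struct in_addr src;
    uint32_t be = htonl(reply_xid);
    unsigned char dgram[8] = { 0, 0, 0, 0, 0, 0, 0, 1 }; /* msg_type = REPLY */
    memcpy(dgram, &be, 4);
    inet_pton(AF_INET, sent_to, &pc.sent_to);
    inet_pton(AF_INET, reply_from, &src);
    return check_reply(&pc, src, dgram, sizeof dgram, strict_source);
}

int main(void)
{
    /* Constructed multi-homed server: mounted via 192.0.2.10, reply leaves via 198.51.100.10. */
    printf("same address:      %d\n", verdict_for("192.0.2.10", "192.0.2.10", 0x1234, 0x1234, 1));
    printf("other if, strict:  %d\n", verdict_for("192.0.2.10", "198.51.100.10", 0x1234, 0x1234, 1));
    printf("other if, relaxed: %d\n", verdict_for("192.0.2.10", "198.51.100.10", 0x1234, 0x1234, 0));
    return 0;
}
```

With the source check relaxed, the 32-bit xid is the only field in this sketch that ties a datagram to an outstanding request.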