Date: Mon, 14 Dec 2020 08:57:03 +0100
From: Alexander Leidinger <Alexander@leidinger.net>
To: freebsd-fs@freebsd.org
Subject: Re: Major issues with nfsv4
Message-ID: <20201214085703.Horde.gA1tADBpbqeZbvgO3plk1f-@webmail.leidinger.net>
In-Reply-To: <YQXPR0101MB09680D155B6D685442B5E25EDDCA0@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>
References: <CABXB=RRB2nUk0pPDisBQPdicUA3ooHpg8QvBwjG_nFU4cHvCYw@mail.gmail.com>
 <YQXPR0101MB096849ADF24051F7479E565CDDCA0@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>
 <CABXB=RSyN%2Bo2yXcpmYw8sCSUUDhN-w28Vu9v_cCWa-2=pLZmHg@mail.gmail.com>
 <YQXPR0101MB09680D155B6D685442B5E25EDDCA0@YQXPR0101MB0968.CANPRD01.PROD.OUTLOOK.COM>

Quoting Rick Macklem <rmacklem@uoguelph.ca> (from Fri, 11 Dec 2020 23:28:30 +0000):

>> While it's certainly possible to configure NFS not to require reserved
>> ports, the slightest possibility of a non-root user establishing a
>> session to the NFS server kills that as an option.
> Personally, I've never thought the reserved port# requirement provided
> any real security for most situations. Unless you set "vfs.usermount=1"
> only root can do the mount. For non-root to mount the NFS server
> when "vfs.usermount=0", a user would have to run their own custom hacked
> userland NFS client. Although doable, I have never heard of it being done.

22 years ago I wrote a userland NFS client (it triggered my first
contribution/bugfix to rpcgen in FreeBSD which was MFCed to FreeBSD
2.2.8) as a university project (an experimental computer with PRAM
technology didn't have a network stack but a host-interface to a
controlling server, and people wanted to access network shares, so the
controlling host was an NFS proxy, and I did this with an NFS userland
client). IIRC it was NFSv3. I had a little test-tool with a CUI in
which I was able to interactively list directories and open files (I
used that for testing). As this more or less was my first software
project I realized alone, and it was scheduled to be something to be
realized with a few man-hours per week during half a year, I would say
it is easy to do for someone with interest / motivation.

Bye,
Alexander.
-- 
http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF