From: Paul A Procacci
Date: Wed, 1 Apr 2009 02:34:58 -0500
To: "freebsd-questions@freebsd.org"
Subject: mountd requests
Message-ID: <49D31922.4040705@datapipe.net>

Hey All,

We have a shared NFS machine that is used between multiple client machines. While this in itself is ok, any client that issues a `showmount` command can see the other mounts that are currently established.

I can't for the life of me figure out how this is a good thing. A big security-related `no no` comes to mind whenever I see all mounts from all clients returned back to me from a client.

Now, mountd doesn't have a `secure` option to turn this off, but I have developed an untested patch for doing this. I think the reasonable default behavior would be to return only mounts that the physical host making the request currently has established.

I guess my real question is, has anyone ever been concerned by this?

~Paul
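
The behaviour proposed in the message above, sketched as an added example (it is not the author's patch and not mountd's code): a requester is shown only the mount entries recorded for its own address. The struct layout, function names and sample table are assumptions made for illustration, and entries are assumed to hold numeric addresses.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* One established mount: client address text and exported path
 * (hypothetical layout, not mountd's own structure). */
struct mount_entry { const char *host; const char *dirp; };

/* Constructed sample table using documentation addresses. */
static const struct mount_entry SAMPLE[] = {
    { "192.0.2.10", "/export/a" },        { "192.0.2.20", "/export/b" },
    { "::ffff:192.0.2.10", "/export/c" }, { "2001:db8::5", "/export/d" },
};

/* Parse a numeric address into 16 bytes. IPv4 is stored IPv4-mapped so
 * "192.0.2.10" and "::ffff:192.0.2.10" compare equal. */
static int normalize_addr(const char *text, unsigned char out[16])
{
    struct in_addr v4;
    struct in6_addr v6;
    if (inet_pton(AF_INET, text, &v4) == 1) {
        memset(out, 0, 10);
        out[10] = out[11] = 0xff;
        memcpy(out + 12, &v4, 4);
        return 0;
    }
    if (inet_pton(AF_INET6, text, &v6) != 1)
        return -1;
    memcpy(out, &v6, 16);
    return 0;
}

/* Copy into out[] only entries whose host equals the requester. Fails
 * closed: an unparsable requester or entry never matches. */
size_t filter_dump_for(const struct mount_entry *all, size_t n,
                       const char *requester,
                       const struct mount_entry **out, size_t cap)
{
    unsigned char want[16], have[16];
    size_t kept = 0;
    if (normalize_addr(requester, want) != 0)
        return 0;
    for (size_t i = 0; i < n && kept < cap; i++)
        if (normalize_addr(all[i].host, have) == 0 && memcmp(want, have, 16) == 0)
            out[kept++] = &all[i];
    return kept;
}

/* Number of SAMPLE entries a given requester would be shown. */
size_t count_visible(const char *requester)
{
    const struct mount_entry *out[8];
    return filter_dump_for(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0], requester, out, 8);
}
```

Comparing normalized address bytes rather than strings keeps one client from appearing as two identities when it is recorded in both IPv4 and IPv4-mapped form.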