"public NFS" on freedesktop.org ? / was: Re: [Xorg] Anon Ftp onfreedesktop.org?
Sean Middleditch
elanthis at awesomeplay.com
Mon May 24 10:06:12 PDT 2004
On Mon, 2004-05-24 at 12:54, Roland Mainz wrote:
> Keith Packard wrote:
> > > ... when we are thinking about this... what about having a "public NFS"
> > > server, too (which means: People can mount a certain directory (like the
> > > root dir of the ftp space) _READ_ _ONLY_ ?
> >
> > There have been too many remote root exploits of RPC and NFS for me to be
> > comfortable with this.
>
> Erm... you only have to open the NFS port in the kernel firewall so
> other RPC services are not affected. And there are far more exploits out
NFS itself is an RPC service, and the core RPC service itself has been
severely flawed in the past. Opening *any* service that uses RPC is
dangerous.
> there for ftp deamons than the NFS deamon (this issue isn't really that
That is an fairly worthless statement. ;-) There have been a lot of
security flaws in a certain FTP daemons, yes. That has absolutely no
effect on whether the NFS daemon is secure or not. Comparing apples and
buicks.
> security sensitive since there are a couple of public NFS servers for
> Debian packages...) ... :)
And there are plenty of Windows users connecting their home machines
right into a cable modem with no firewall and sharing their hard-drives
with everyone on their local block over CIFS. Doesn't mean it's good
practice.
>
> ----
>
> Bye,
> Roland
--
Sean Middleditch <elanthis at awesomeplay.com>
AwesomePlay Productions, Inc.
More information about the xorg
mailing list