"public NFS" on freedesktop.org ? / was: Re: [Xorg] Anon Ftp on freedesktop.org?

Roland Mainz roland.mainz at nrubsig.org
Tue May 25 00:04:59 PDT 2004


Derek Fawcus wrote:
> > I'm much more comfortable with our current policy of having only 'nobody'
> > daemons talking on network ports -- the ftp daemon I was looking at is
> > 'oftpd' which supports only anonymous ftp and switches to 'nobody' before
> > accepting any FTP connections.  We've also hacked cvs pserver to start as
> > nobody.
> >
> > If there was a user-mode NFS server which could run as 'nobody', perhaps
> 
> Well if all that is required is read only access,  one could dig up the old
> user mode NFS server that Linux used to use,  and hack it about.

That's one option. Somewhere I have a JAVA-based NFS server floating
around which could be used, too (that would be the option for the people
who fear buffer overflow exploits *everywhere* =:-)
Another option would be to use "usermode linux" (which boots via NFS
from a read-only filesystem... that would give any attacker only control
over this sandbox in the worst case) and simply forward an NFS mount
(assuming the Linux kernel NFS server still supports re-exports of NFS
mounts...).

----

Bye,
Roland

-- 
  __ .  . __
 (o.\ \/ /.o) roland.mainz at nrubsig.org
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 7950090
 (;O/ \/ \O;)
