"public NFS" on freedesktop.org ? / was: Re: [Xorg] Anon Ftp onfreedesktop.org?
Roland Mainz
roland.mainz at nrubsig.org
Tue May 25 00:04:59 PDT 2004
Derek Fawcus wrote:
> > I'm much more comfortable with our current policy of having only 'nobody'
> > daemons talking on network ports -- the ftp daemon I was looking at is
> > 'oftpd' which supports only anonymous ftp and switches to 'nobody' before
> > accepting any FTP connections. We've also hacked cvs pserver to start as
> > nobody.
> >
> > If there was a user-mode NFS server which could run as 'nobody', perhaps
>
> Well if all that is required is read only access, one could dig up the old
> user mode NFS server that Linux used to use, and hack it about.
That's one option. Somewhere I have a JAVA-based NFS server floating
around which could be used, too (that would be the option for the people
who fear buffer overflows exploits *everywhere* =:-)
Another option would be to use "usermode linux" (which boots via NFS
from a read-only filesystem... that would give any attacker only control
over this sandbox in the worst case) and simply forward a NFS mount
(assuming the Linux kernel NFS server still supports re-exports of NFS
mounts...).
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) roland.mainz at nrubsig.org
\__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer
/O /==\ O\ TEL +49 641 7950090
(;O/ \/ \O;)
More information about the xorg
mailing list