"public NFS" on freedesktop.org ? / was: Re: [Xorg] Anon Ftpon freedesktop.org?

Daniel Stone daniel at freedesktop.org
Tue May 25 06:57:58 PDT 2004 

On Tue, May 25, 2004 at 08:58:18AM +0200, Roland Mainz wrote:
> Erm... "sendmail" is every often hit because it is very popular. Some
> Linux distributions tried to avoid the issue and switched to "postfix" -
> and suddenly that MTA had lots of reports about exploits. So far the
> term "perfect security records" isn't much usefull.

Huh? How many security vulnerabilities has Postfix had? I recall only
one, which was a remote DoS - certainly not an arbitrary code execution,
and certainly not approaching the security nightmare that is NFS.

> > And what benefit does that provide? 
> 
> See above. People can use WebNFS shares without being root or any other
> modifications in their default setup. They simply to a CWD and use the
> files on ftp.x.org.

As opposed to WebDAV or FTP, whereby ...

> > Either way, the whole thing needs
> > to be taken from the server to their local machine.  FTP file systems
> > exist for UNIX so users can mount them and tools like cdrecord can
> > stream the file over the network (assuming you have burnfree or
> > something in use) and so on. 
> 
> Do you know how these ftp filesystems work in the background ? In the
> worst (usually the common... ;-( ) case they transfer the complete file
> to the client first, regardless whether you only need the first <n>
> bytes - try % find /path_to_ftp_filesystem | while read i ; do file "$i"
> ; done # and you'll see how silly the idea of a ftp filesystem is
> (unless the ftp server supports extensions for random seek+block
> reads... but that isn't covered by ftp daemons which implement only the
> features defined by the RFC for ftp).

So get an FTP daemon which implements this.

> > WebDAV is also available in the same way.
> 
> Please name me ONE Unix OS (except Linux) which can mount WebDAV shares.
> AFAIK neither Solaris nor AIX nor HP-UX can do that.
> And who claims that WebDAV is more secure than WebNFS in the scenario
> described above ?

FreeBSD fo'shaw, and the others can do it in userspace.

> > NFS doesn't offer anything useful over these in a read-only scenario.
> 
> See my first usage example above...

That's useless. We're only talking about providing tarballs and ISOs or
packages here - why on earth would you ever want to do that, anyway?

-- 
Daniel Stone                                            <daniel at freedesktop.org>
freedesktop.org: powering your desktop                http://www.freedesktop.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.x.org/archives/xorg/attachments/20040525/d06f3843/attachment.pgp>

More information about the xorg mailing list