Subject: Re: NFS and privileged ports
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-net
Date: 11/09/2004 08:14:39
--LZvS9be/3tNcYl/X
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Nov 08, 2004 at 10:08:40PM -0500, Thor Lancelot Simon wrote:
> On Mon, Nov 08, 2004 at 06:45:40PM -0800, Bill Studenmund wrote:
> > On Mon, Nov 08, 2004 at 09:18:37PM -0500, Thor Lancelot Simon wrote:
> > > I don't think it's silly; I rely on NFS only in environments in which=
I
> > > control the private interconnect it runs across and the kernels and
> > > environment on each machine that uses it.
> > >=20
> > > In that environment, the privileged port requirement does, in fact, b=
uy
> > > me "extra" security; in fact, it buys me "any security at all"; witho=
ut
> > > it, I cannot treat the machines as a single security domain, which is=
my
> > > intent; with it, barring a bug in the kernel, I can in fact do so, and
> > > do so safely.
> >=20
> > So then perhaps the thing to do is add the -resvport option, and add=20
> > a command arguement to set -noresvport as the option if not otherwise=
=20
> > specified?
>=20
> Why should your use case take precedence over mine?
Please read that again. Command arguement =3D=3D command line arguement.
Take care,
Bill
--LZvS9be/3tNcYl/X
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
iD8DBQFBkOzvWz+3JHUci9cRAi8/AJ0TpXQ4MtpyyKKZi0TaGmU34TtZlACeI18O
jdQ3OHmiwaMUdIBTO+Xogto=
=zov4
-----END PGP SIGNATURE-----
--LZvS9be/3tNcYl/X--