Installing 4.3-Tahoe on a VAX

Vernon Schryver vjs at rhyolite.SGI.COM
Wed Sep 14 03:26:24 AEST 1988


In article <2841 at jpl-devvax.JPL.NASA.GOV>, lwall at jpl-devvax.JPL.NASA.GOV (Larry Wall) writes:
  (concerning bin owning things)
> Not to mention NFS.  You let me mount a /usr filesystem read/write with
> directories owned by "bin" and you've just destroyed any semblance of
> security.  Not that NFS is all that secure to begin with...

People tend to just stuff all file systems into /etc/exports, without
bothering to mark them read-only.  They tend to put '+' in hosts.equiv.
That works fine as long as root owns everything of power, since the
defaults have root not going thru hosts.equiv and being converted to some
notion of 'nobody' over NFS.

There is the new 'read-most' stuff in /etc/exports, but how many will use
it?  How many will use 'nohide' and simply export /?

It may be possible to put together a secure system with bin owning things
(as secure as any UNIX system), but it certainly requires more care than
most users/administrators are willing or able to give.
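
An added example, not part of the original post: a small audit for the combination described above, flagging read-write exports that contain directories owned by a non-root account such as bin, plus a bare '+' in hosts.equiv. It assumes SunOS-style exports lines (`<dir> -opt[,opt...]`); the sample files and the `dir_owners` mapping are constructed for illustration.

```python
# Added example: audit sketch for the misconfiguration described in the post.
# Assumes SunOS-style exports lines ("<dir> -opt[,opt...]"); sample data is constructed.

def parse_exports(text):
    """Return {directory: set(options)} from exports-style text."""
    exports = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        opts = set()
        for field in fields[1:]:
            if field.startswith("-"):
                opts.update(o for o in field[1:].split(",") if o)
        exports[fields[0]] = opts
    return exports

def equiv_trusts_everyone(text):
    """True if hosts.equiv contains a bare '+' entry (trust every host)."""
    return any(line.split("#", 1)[0].strip() == "+" for line in text.splitlines())

def audit(exports_text, equiv_text, dir_owners):
    """dir_owners maps an exported directory to the set of owners found under it
    (in real use gathered with os.stat; passed in here so the example runs offline)."""
    findings = []
    for directory, opts in sorted(parse_exports(exports_text).items()):
        if "ro" in opts:
            continue  # read-only export: remote writes are refused regardless of owner
        non_root = sorted(dir_owners.get(directory, set()) - {"root"})
        if non_root:
            findings.append(f"{directory}: exported read-write, contains directories owned by "
                            f"{', '.join(non_root)} (not covered by the root-to-nobody mapping)")
    if equiv_trusts_everyone(equiv_text):
        findings.append("hosts.equiv: '+' entry trusts every host for non-root users")
    return findings

# Constructed sample input, not taken from any real system.
SAMPLE_EXPORTS = "# constructed sample\n/usr\n/usr/man -ro\n/home -access=clienta\n"
SAMPLE_EQUIV = "+\n"
SAMPLE_OWNERS = {"/usr": {"root", "bin"}, "/usr/man": {"bin"}, "/home": {"root"}}

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS, SAMPLE_EQUIV, SAMPLE_OWNERS):
        print(finding)
```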



More information about the Comp.bugs.4bsd.ucb-fixes mailing list