RFS is by far better that NFS!
Steve Dyer
dyer at spdcc.COM
Sat Dec 16 16:55:44 AEST 1989
Yes, it's true. An amazingly big security hole once you
start thinking about it. I thought that Sun had some
"secure RPC" feature in recent releases which suffices
to limit its impact, but I don't know the details.
At Project Athena, we added a small amount of code to our
NFS servers such that every uid (not just root) is mapped
to "nobody" unless that uid/IP address pair has a "uid
mapping structure", a new data structure residing in the
NFS server kernel. UID mapping structures are securely
installed on the server using a new rpc.mountd RPC call
which uses the Kerberos authentication system. We have
an application which runs on the client called "attach"
which integrates name service, authentication and the mount
protocol.
--
Steve Dyer
dyer at ursa-major.spdcc.com aka {ima,harvard,rayssd,linus,m2c}!spdcc!dyer
dyer at arktouros.mit.edu, dyer at hstbme.mit.edu
More information about the Comp.unix.i386
mailing list