Major issues with nfsv4
Alexander Leidinger
Alexander at leidinger.net
Mon Dec 14 07:57:35 UTC 2020
Quoting Rick Macklem <rmacklem at uoguelph.ca> (from Fri, 11 Dec 2020
23:28:30 +0000):
>> While it's certainly possible to configure NFS not to require reserved
>> ports, the slightest possibility of a non-root user establishing a
>> session to the NFS server kills that as an option.
> Personally, I've never thought the reserved port# requirement provided
> any real security for most situations. Unless you set "vfs.usermount=1"
> only root can do the mount. For non-root to mount the NFS server
> when "vfs.usermount=0", a user would have to run their own custom hacked
> userland NFS client. Although doable, I have never heard of it being done.
22 years ago I wrote an userland NFS client (it triggered my first
contribution/bugfix to rpcgen in FreeBSD which was MFCed to FreeBSD
2.2.8) as an university project (an exprimental computer with PRAM
technology didn't had a network stack but a host-interface to a
controlling server, and people wanted to access network shares, so the
controling host was a NFS proxy, and I did this with a NFS userland
client). IIRC it was NFSv3. I had a little test-tool with a CUI in
which I was able to interactively list directories and open files (I
used that for testing). As this more or less was my first software
project I realized alone, and it was scheduled to be something to be
realized with a few man-hours per week during half a year, I would say
it is easy to do for someone with interest / motivation.
Bye,
Alexander.
--
http://www.Leidinger.net Alexander at Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org netchild at FreeBSD.org : PGP 0x8F31830F9F2772BF
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.freebsd.org/pipermail/freebsd-fs/attachments/20201214/502de509/attachment.sig>
More information about the freebsd-fs
mailing list