schales@photon.cs.tamu.edu (Douglas Lee Schales) (06/17/91)
In article <1991Jun17.020535.516@spatial.com> alek@spatial.com ( Alek O. Komarnitsky ) writes: In article <1150073@misty.boeing.com> jsadler@misty.boeing.com (Jim Sadler) writes: >/ misty:comp.sys.hp / dlr@hpcndm.CND.HP.COM (Dominic Ruffatto) / 8:10 am Jun 10, 1991 / >>Stefan Esser writes: >>(BTW: the NFS problems reported to HP support more than a year ago >>aren'tanswered yet !) >> >>I worked on NFS at that time. What was your problem? I may be able to help. > How about the ability to export sub-directories only. Not > complete file systems. >---------- My apologies if I've totally missed this one, but how about some options in the exports file? Specifically: -root=hostname... (and -ro). My current solution is using adb to map nobody to 0 in /hp-ux at boot time, but that's not desireable for obvious reasons. I inquired on this newsgroup a few weeks ago as to when (if) HP would upgrade to a more secure release of NFS, but received no replies. While we had a 720 demo machine here running HP-UX 8.0, I checked out the NFS security and found it to be nil for all practical purposes. It retains all of the known security holes from early NFS releases, including the fact that host credentials are obtained from the RPC credentials, instead of from the socket. This is trivially defeated and makes any system using this NFS an open target. Bypassing the mapping of uid 0 to nobody opens the system up for easy super-user access. So, are there any plans to ever move to a newer release of NFS? Doug. -- +---------------------------+ | Douglas Lee Schales | | schales@cs.tamu.edu | | Dept. of Computer Science | | Texas A&M University | +---------------------------+