root@sun1.ruf.uni-freiburg.de (Martin Walter) (06/14/91)
With HP-UX you can mount a NFS filesystem, so that the remote device files are ignored. From the HP-UX MOUNT(1M) manual: ....... The nodevs option denies access to devices attached to the NFS client by causing attempts to read or write to NFS device files to return an error. This option seems to me very useful to close certain security holes. How can I get the same functionality on other unixes especially under SunOS 4.1.1 ? -- Martin Walter | Mail: mawa@sun1.ruf.uni-freiburg.de Rechenzentrum der Universitaet | University Computing Center Hermann-Herder-Str.10 | Phone: +49 761 203 4532 D-7800 Freiburg i.Br / Germany | FAX: +49 761 203 4122
jay@silence.princeton.nj.us (Jay Plett) (06/14/91)
In article <1991Jun13.213712.27559@sun1.ruf.uni-freiburg.de>, root@sun1.ruf.uni-freiburg.de (Martin Walter) writes: ... [ nodev mount option to disallow access to devices ] ... > This option seems to me very useful to close certain security > holes. How can I get the same functionality on other unixes > especially under SunOS 4.1.1 ? You (and the rest of us) talk it up at every opportunity. With the rapidly increasing prevalence of removable-media devices, this option is essential. We need the option; it needs to be a standard option to the mount command on every system. We need to let the vendors know that we need it. Don't ever again go to a cocktail party without bringing the subject up at least three times :-) Seriously, the topic needs "recognition". Enough so that it will penetrate the sales-weenies; then they will then get it done. ...jay