Bug#384922: nfs-kernel-server: root_squash is broken
retitle 384922 NFS insecure without support for squashing multiple groups
tags 384922 security
severity 384922 critical
thanks
Dear Steinar,
> ... You may want to actually talk to the NFS kernel server people ...
Huh? I thought that is what have I been doing until now! (Oops, my mistake,
package nfs-kernel-server does not come close...)
Funny: you meekly accept that NFS is hopelessly insecure and no security
conscious person will ever use it. Do you not find that offensive? (Not my
comment: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=299007;msg=276 .)
Funny: all it would take is a tiny policy change, to be permitted to drop
/usr/local things from root's PATH, or to remove group staff writability
from those things. Everyone seems to know those should be done...
Thanks for your help,
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Reply to: