Bug#384922: nfs-kernel-server: root_squash is broken

To: 384922@bugs.debian.org, sgunderson@bigfoot.com
Cc: control@bugs.debian.org
Subject: Bug#384922: nfs-kernel-server: root_squash is broken
From: Paul Szabo <psz@maths.usyd.edu.au>
Date: Wed, 30 Aug 2006 20:08:33 +1000
Message-id: <[🔎] 200608301008.k7UA8X2Z006983@asti.maths.usyd.edu.au>
Reply-to: Paul Szabo <psz@maths.usyd.edu.au>, 384922@bugs.debian.org
In-reply-to: <20060830085815.GA4573@uio.no>

retitle 384922 NFS insecure without support for squashing multiple groups
tags 384922 security
severity 384922 critical
thanks

Dear Steinar,

> ... You may want to actually talk to the NFS kernel server people ...

Huh? I thought that is what have I been doing until now! (Oops, my mistake,
package nfs-kernel-server does not come close...)

Funny: you meekly accept that NFS is hopelessly insecure and no security
conscious person will ever use it. Do you not find that offensive? (Not my
comment: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=299007;msg=276 .)

Funny: all it would take is a tiny policy change, to be permitted to drop
/usr/local things from root's PATH, or to remove group staff writability
from those things. Everyone seems to know those should be done...

Thanks for your help,

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Reply to:

Follow-Ups:
- Processed: Re: nfs-kernel-server: root_squash is broken
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: Re: Bug#385284: Serial controller Timedia stop work on new kernel
Next by Date: Processed: Re: nfs-kernel-server: root_squash is broken
Previous by thread: Processed: Re: Bug#385284: Serial controller Timedia stop work on new kernel
Next by thread: Processed: Re: nfs-kernel-server: root_squash is broken
Index(es):
- Date
- Thread