Bug#384922: NFS insecure without support for squashing multiple groups

[Steve Langasek <vorlon@debian.org>]

On Thu, Aug 31, 2006 at 01:05:41PM +1000, Paul Szabo wrote:
> > The last two points are true by default on Debian, but the first three
> > points are configuration decisions on the part of the NFS server
> > administrator.  I understand that you have reasons to export shares allowing
> > suid binaries in your own environment, but then you can also reconfigure
> > root's path or the permissions on /usr/local/* in that case.

> Sorry, the NFS server administrator does not really have control over the
> first point.

Of course they do; no NFS share is ever exported to a machine without the
admin explictly granting it in /etc/exports.

It happens to be very dangerous to share a filesystem via NFS between
systems that have different security contexts.  This does not make it a
critical bug for the kernel to not support a particular method of mitigating
this danger, or for nfs-utils to not enable it by default; it just means
that NFS may not be suitable for certain configurations as a result.

And in bug #299007, ugidd was also mentioned as a solution that would
provide everything that squash_gids would, and then some.

> Sorry, as I read Debian policy (and as discussed in #299007), I am not
> permitted to change root's PATH or change the permissions on /usr/local.

*You* are permitted to do either of these things.  Whether they will be done
by default in *Debian* is a separate question.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/