[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problems with root on network clients

erbenson> NFS is insecure, deal with it.

Such as use something besides NFS that is secure; the options are thin
and immature, but you may still look around because I have a feeling
there may be a good match, if you're willing to sacrafice admin time
to the task.  For instance, I'm curious if CODA has played this trick.
They talk about distribution, security, etc.  Plus, administration of
local disk caches could become really easy with CODA -- 4GB disk
cache, now that's nice; it's as if you only really have one machine in
some administrative senses.  Now, somebody tell me if I'm wrong.
There is a whole page of Linux filesystems besides EXT2 and NFS out
there someplace.  Find it and take a good research if you have the

Once you make yourself vulnerable to physical host takeover and make
yourself secure from that, you have definitely got yourself a few
rungs up.  Otherwise, another thing I can suggest is hide the floppies
(I mean, take them out).  Floppies are a mess anyway, and we shouldn't
need them.  This does not make it impossible to install a new floppy.
You could scratch out the IDE leads to the floppy cable, and make the
machine less valuable.

By floppy, I mean floppy disk drive, not floppy disk, which I know is
incorrect usage, but then again I hate floppies in general and think
they're the plague (I haven't depended on them ever since 1984 when I
got a modem).

Attachment: pgpnstWoR8gn8.pgp
Description: PGP signature

Reply to: