
Re: Is NFS export r/o safe from lan to dmz?



On Mon, Mar 03, 2008 at 12:03:32PM -0500, Douglas A. Tutty wrote:
> Wouldn't a chrooted ftp server do the same thing?  

ftp is an intrinsically more complex protocol than http (see the problems
for firewalls with active/passive ftp; see the bounce scan possibilities
of the protocol, so that even the OpenBSD ftpd cannot fully implement
that part of the ftp protocol defined by the rfc; ...).

Moreover, the security history of ftp daemons is worse than the security
history of http daemons (and it is possibly even worse than the security
history of portmap/nfsd).

A _simple_ _minimalistic_ implementation of a _simple_ protocol (by a
competent programmer) quite possibly has fewer programming errors than a
more complex program ("if debugging puts bugs out of programs, then
programming must put bugs in").

-- 
Whoever uses non-free software poisons you too. Tell them to stop.
Computing=arsenic: minimal doses in rare pathological cases, otherwise lethal.
Computing=bomb: intelligent only for the stupid who believe in it.

