Re: NFS client and untrusted server
On Fri, 24 Nov 2017 21:44:56 -0500
Roberto C. Sánchez wrote:
> NFS is a very old protocol that very likely has as yet undiscovered
> vulnerabilities. I would expect that the likelihood of there being
> even a theoretical vulnerability that would allow a malicous user on
> the server to gain access to a client would be very low.
Ok. I wasn't sure because it seems rather complex with all this RPC
stuff.
> However, I think you are going about this all wrong. A backup script
> or program would have to touch/examine every file to determine its
> age, MD5 sum, or whatever other feature drives the backup/no-backup
> decision. NFS is actually a terrible protocol for this sort of thing.
Ok, [1] for example says it's factor two compared to iSCSI.
> That is likely to be more secure and I can practically guarantee it
> will have better performance.
That's probably better. I was thinking about NFS because I don't have
enough disks on the backup server. Those files should go to tape.
Thank you for your quick reply!
- Chris
[1]
https://www.usenix.org/legacy/publications/library/proceedings/fast04/tech/full_papers/radkov/radkov_html/head.html
Reply to: