On Thu, 15 Apr 1999, Theodore Y. Ts'o wrote:
>
> Date: Thu, 15 Apr 1999 16:07:35 -0700 (PDT)
> From: David Lang <dlang@diginsite.com>
>
> As for the NFS issue, there are situations where NFS can be used in a
> (at least semi)secure environment. If the NFS traffic is on a dedicated
> LAN (often done for performance anyway) then the only way that NFS can be
> a problem is if one of your machines in hacked into anyway. The ability to
> use capabilities on NFS mounted files would significantly help in server
> farm situations.
>
> So if I can manage to hack into one of your machines, (say, the one
> which is running the sendmail that didn't get updated to fix the
> sendmail security bug of the week) I get to break into all of the
> rest?!?
>
> This is real security? I think not.
But if we are using capabilities on all the machines, hacking into
sendmail won't give you this sort of access (or am I misunderstanding what
we are after here?)
>
> A real world example. you setup a web server farm with the common
> files/binarys NFS mounted.
>
> Disk space is cheap these days. $300 USD will buy you 20 gigabytes of
> space; a complete Linux system worth of binaries is maybe 1, 2 gigs tops
> for a fully loaded system. If you're not willing to pay $15-30 extra
> per server so that each system can have its own copy of its system
> software, you're not serious about your system security.
>
> Besides, running your server farm with standalone disk increases your
> performance and your robustness, since you remove a single point of
> failure. (If your NFS server crashs, your entire server farm goes out.)
>
The reason to use the NFS server is not cost (A good, redundant NFS server
can be very expensive) the reason is ease of management, if you only have
one copy of the data the possibility that different servers have different
info just isn't there.
> This is why requiring NFS support is a real red herring as far as
> capabilities are concerned.
>
Different people have different opinions.
> - Ted
>
David Lang
"If users are made to understand that the system administrator's job is to
make computers run, and not to make them happy, they can, in fact, be made
happy most of the time. If users are allowed to believe that the system
administrator's job is to make them happy, they can, in fact, never be made
happy."
- -Paul Evans (as quoted by Barb Dijker in "Managing Support Staff", LISA '97)
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEVAwUBNxdrYT7msCGEppcbAQGTYgf/a/tW2C0+z78yA84FbARuqVEITRoxsUaK
L/Qc4zWvqtk6P+ARxlIuW7FxBm5oUQ187yrihVWBL1T8lQ1L3vOsqyRRtgKlAQQ+
9XS0ISnU2/r3h+tzjxtM4vPoPhF4l/PjxTMTkJ3gvHxjc4JdF309tuSAPTmYxKT2
Kf/sKnwam4QBqRcqqG4KFcqSzeNFUtnLVOCGX96nkJ3PV/jNu95MkdiXe1I/NY0o
w80rAsL/bywZQQOzSSsmWLC1ZijfRaCxS6NEEdueMK6qDWDC62JKTyLx0j4WDLYN
1le4XfzxZhwTcorsAf5A6bBOMQiRt9hZV1AATTgcjaPn45Iq3yPqdw==
=hVh/
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/