I have an application server working under 2.2-STABLE which also exports
filesystems for workstations which boot by means of netboot from their local
DOS-partition. They do not have local unix partitions, except swap, /tmp and
/var/tmp partitions. If the user simply cracks BIOS and boots from FreeBSD
diskette, he can mount a partition from the server which is exported for
read/write and not mapping root to nobody, and, say, place there a setuid file
that runs shell.
Is there a possibility to authenticate NFS client not only by its IP-address
but by some more secure way? Or could it be a subject for further development
(if it is not limited by NFS principals)?
Anton Voronin | Ural Regional Center of FREEnet,
<email@example.com> | Southern Ural University, Chelyabinsk, Russia
http://www.urc.ac.ru/~anton | Student / programmer / system administrator
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message