WARNING: I have absolutely no idea what security holes (if any) lurk
here. I have also included tcpd, which is really pretty pointless
these days given that folks are spoofing IP addrs with frightening
regularity. Also, if you run NFS on a non-firewalled network, you
might as well just post a message to Usenet telling people that you
want your machine ripped to shreds.
The sources I used for the programs have been taken from the latest
Linux networking sources I could find. Most of them built out of the
box. rpc.nfsd and rpc.mountd were taken from nfs-server-2.0rt on
sunsite.unc.edu. I would suspect that rpc.portmap is probably a
walking security hole, as it was taken from an old rpc distribution.
I strongly suggest the use of something such as Kerberos, if you plan
on putting your machine on the Internet. I have a working version of
Kerberos v5 for Linux/Alpha, and I would be more than happy to make a
set of diffs available to people if there is any interest.
Bob