On Fri, 16 Apr 1999, David Lang wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Thu, 15 Apr 1999, Theodore Y. Ts'o wrote:
>
> >
> > Date: Thu, 15 Apr 1999 16:07:35 -0700 (PDT)
> > From: David Lang <dlang@diginsite.com>
> >
> > As for the NFS issue, there are situations where NFS can be used in a
> > (at least semi)secure environment. If the NFS traffic is on a dedicated
> > LAN (often done for performance anyway) then the only way that NFS can be
> > a problem is if one of your machines in hacked into anyway. The ability to
> > use capabilities on NFS mounted files would significantly help in server
> > farm situations.
> >
> > So if I can manage to hack into one of your machines, (say, the one
> > which is running the sendmail that didn't get updated to fix the
> > sendmail security bug of the week) I get to break into all of the
> > rest?!?
> >
> > This is real security? I think not.
>
> But if we are using capabilities on all the machines, hacking into
> sendmail won't give you this sort of access (or am I misunderstanding what
> we are after here?)
Well, I certainly am not in favor of trying to hack capabilities to work
in a heterogenous environment. I see no reason why nfs can't be hacked so
that two Linux machines can use capabilities over nfs. As far as IRIX,
Linux 2.0 nfs servers, ... I just don't see this as an absolute necessity,
especially when it adds what I consider unneeded bloat and complexity to
our implementation.
Of course, at least one gentleman from SGI has been very helpful in this
thread; perhaps IRIX will get patched for this. ;-)
> > A real world example. you setup a web server farm with the common
> > files/binarys NFS mounted.
> >
> > Disk space is cheap these days. $300 USD will buy you 20 gigabytes of
> > space; a complete Linux system worth of binaries is maybe 1, 2 gigs tops
> > for a fully loaded system. If you're not willing to pay $15-30 extra
> > per server so that each system can have its own copy of its system
> > software, you're not serious about your system security.
> >
> > Besides, running your server farm with standalone disk increases your
> > performance and your robustness, since you remove a single point of
> > failure. (If your NFS server crashs, your entire server farm goes out.)
> >
>
> The reason to use the NFS server is not cost (A good, redundant NFS server
> can be very expensive) the reason is ease of management, if you only have
> one copy of the data the possibility that different servers have different
> info just isn't there.
For binaries, hack rdist; for _data_, just use nfs as is w/o caps.
cheers,
David
- --
David L. Parsley
Network Specialist
City of Salem Schools
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/