Buyer Beware: A Major Change in NFS is about to happen
Gregory Maxwell
gmaxwell at gmail.com
Wed Sep 30 13:59:37 UTC 2009
On Tue, Sep 29, 2009 at 9:42 PM, Chris Adams <cmadams at hiwaay.net> wrote:
> Once upon a time, Steve Dickson <SteveD at redhat.com> said:
>> On the server (Which is suggested):
>> * Add the following entry to the /etc/exports file:
>> / *(ro,fsid=0) Note: 'fsid=0' is explained in the exports(5) man pages.
>
> The "suggested solution" is to change your NFS servers (that work just
> fine with other clients today) to export the root filesystem to
> everybody?
Yea— It would be ill-advised to actually recommend this to people.
Someone might actually listen and be rather unhappy that your
suggestion undermined their security assumptions. (Okay, you can say
someone who doesn't understand what that line does shouldn't be adding
it to their exports; but people will)
If this change in default behavior doesn't go in to F12 does the
correct handling of the pseudo-root go in? For all the arguments
against accepting the behavior change at a late date, accepting the
server fixes seems far less scary and getting them in ASAP will make
the behavior change less disruptive in the future.
More information about the fedora-devel-list
mailing list