Xref: sserve comp.sys.powerpc:31127 comp.sys.intel:28010 comp.os.misc:3660 comp.unix.bsd:15812 comp.unix.pc-clone.32bit:7966 comp.unix.sys5.r4:9009 comp.unix.misc:15406 comp.os.linux.development:22045 comp.os.linux.misc:32791 comp.os.linux.misc:32792 comp.os.386bsd.development:2975 comp.os.386bsd.misc:4665
Newsgroups: comp.sys.powerpc,comp.sys.intel,comp.os.misc,comp.unix.bsd,comp.unix.pc-clone.32bit,comp.unix.sys5.r4,comp.unix.misc,comp.os.linux.development,comp.os.linux.misc,comp.os.linux.misc,comp.os.386bsd.development,comp.os.386bsd.misc
Path: sserve!newshost.anu.edu.au!munnari.oz.au!mel.dit.csiro.au!merlin!harbinger.cc.monash.edu.au!msunews!agate!howland.reston.ans.net!news.sprintlink.net!news.indirect.com!wes
From: wes@indirect.com (Barnacle Wes)
Subject: Re: Interested in PowerPC for Linux / FreeBSD / NetBSD?
Message-ID: <D1nL8D.8GE@indirect.com>
Sender: usenet@indirect.com (Internet Direct Admin)
Organization: the Briney (notso) Deep
Date: Sat, 31 Dec 1994 02:21:48 GMT
References: <3cilp3$143@news-2.csn.net> <3d4ucp$sbn@hearst.cac.psu.edu> <SCHWARTZ.94Dec27155146@galapagos.cse.psu.edu>
X-Newsreader: TIN [version 1.2.1 [BP] PL2.1]
Lines: 119

wes@indirect.com (Barnacle Wes) <that's me!> writes:
: Why does it not address the problem?

Scott Schwartz (schwartz@galapagos.cse.psu.edu) wrote:
: The problem is very simple. NFS (as commonly deployed) does no
: authentication, with the result that any communication with the NFS
: server is potential subversion. That, per se, is the bug.

What is your definition of 'authentication'? Are you assuming that a
Kerberos ticket means I am who I say I am? Perhaps you should read the
white paper on the weaknesses of Kerberos prepared by Bellcore; it will
disabuse you of these notions.

Of course NFS as commonly deployed does authentication. If it does not
do enough to satisfy you, that is a different matter, but it does
authenticate mount requests.
The NFS server in Ultrix, for instance, supports an option to only
allow mount requests from systems listed in the /etc/hosts file. With
the exception of IP spoofing, that is a pretty simple and effective
mechanism for controlling mounts within a carefully administered
network.

: Tactics
: like using the mount daemon to restrict which hosts can mount
: filesystems, or ip filters to restrict which hosts can communicate
: with your server, might be adequate in very limited instances, but
: they fail to repair the basic defect. This is bad engineering, since
: you could solve the general problem in a simple way, instead of
: implementing piecemeal kludges with nonobvious failure modes (like
: using the portmapper to subvert the mount daemon's host check).

> Are you looking for a secure NFS installation, or just an
> NFS/Kerberos installation?

: It's not a question of security, it's a question of avoiding a
: manifest defect. Network filesystems need to do authentication---end
: of story.

Why is lack of authentication in a network file system a manifest
defect? Why would the millions of users on trusted local-area networks
using NFS, or NetWare for that matter, need to have some complicated,
buggy, unproven authentication system jammed down their throats in
order to share disks between their computers? Ooops, I forgot - you're
the only *important* user on the planet, aren't you?

: So far as I know, kerberos is the only freely available
: multi-platform network authentication system, so it's the only viable
: mechanism.

And many would contend that since it is freely available, it is
*obviously not a viable mechanism*. Who's going to support it?
OpenVision? Yeah, right. MIT? Not hardly.

> Many netizens seem to have this knee-jerk reaction that Kerberos
> will solve all of their security problems so they will never have
> to think about security again. Bzzt! Wrong answer!

: But since no one has suggested that, your comment is irrelevant.
: I will note that many net citizens have this knee-jerk reaction that
: Kerberos doesn't solve any of their security problems so they will
: never have to think about it again. Bzzt! Wrong Answer!

To paraphrase your original post, which you conveniently deleted: "NFS
is stupid because it doesn't do authentication the way *I* think it
should, but if we could just get these idiot vendors to graft Kerberos
into it, the whole world would be a nice place." You implicitly
suggested it, leading to my comment. You also completely missed my
point: Kerberos, or any other "authentication" scheme, is not a panacea
for computer security.

I have spoken on panel discussions about UNIX and Internet security
issues, and each time, we have one "Kerberos Missionary," usually from
OpenVision, telling everyone that Kerberos will solve *all* of their
security woes, if you just pay OpenV several million consulting dollars
to make it work. Then you have the rest of the panel instructing them
to use the security features they already have before they attempt to
graft on something else their admin staff doesn't understand or use.

: If the unix community can't hack it, Microsoft will be happy to
: supplant us. And we will deserve it, too.

Sigh. Microsoft, happy to provide secure, working network software.
That's pretty good. You're a comedian, too! The fact that essentially
the entire world has chosen NetWare, bad as it is, over Microsoft
networking software, should tell you something about both Microsoft's
ability and believability in this market.

> If there were "one great version" of Kerberos, this might be different.

: Might be? Kerberos 5 is defined in a standards track RFC. That seems
: like the obvious choice. But even if vendors go with K4, the sample
: implementation of K5 from MIT can generate K4 tickets, so it's not an
: obstacle.

Mmmm... Yet another standard prepared for us, like that wonderful #1
seller, OSF/1.
A standards-track RFC does not guarantee success, and the system
vendors are staying away from Kerberos in droves. This is the single
most telling point about Kerberos - it has *no* champions at all in the
industry. Quite a comparison to X, wouldn't you say?

Don't get me wrong, I agree that a distributed file system with strong
authentication is a must-need product for many organizations (dare I
say 'enterprises'?). Such a product is *not*, however, needed by
*everyone* who wants to share files or disk drives with his neighbor in
the next office, contrary to your original posting.

Perhaps NFS just isn't what you're looking for; NFS has its place in
the world, as demonstrated by its near-universal acceptance. And
perhaps you should consider using AFS, or since you know so much about
this, you should develop KFS and make it available to all us idiots too
stupid to realize that NFS, which has supported us for 10 years now, is
woefully inadequate.

On the other hand, perhaps you should just get a job, buy a clue, and
stop telling all of us what *everyone* needs.

Wes Peters