"public NFS" on freedesktop.org ? / was: Re: [Xorg] Anon Ftp on freedesktop.org?

Keith Packard keithp at keithp.com
Mon May 24 10:53:04 PDT 2004


Around 19 o'clock on May 24, Roland Mainz wrote:

> Did you read RFC 2054 ("WebNFS Client Specification") yet ? I am talking
> to open _ONE_ port, not all RPC ports. "portmap" ports would NOT be open
> in this case.

No, I've never heard of that spec, and it probably makes a huge amount of 
sense for some sites.  I still think it's scary to open a port to a 
kernel-level process.

I'm much more comfortable with our current policy of having only 'nobody'
daemons talking on network ports -- the ftp daemon I was looking at is
'oftpd' which supports only anonymous ftp and switches to 'nobody' before
accepting any FTP connections.  We've also hacked cvs pserver to start as
nobody.

If there was a user-mode NFS server which could run as 'nobody', perhaps 

Let's see if we can't manage to find a way to satisfy peoples requirements 
and still keep us all comfortable about the vulnerability of the machine; 
fd.o is rather visible and has way too much bandwidth for it's own good.

-keith


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://lists.x.org/archives/xorg/attachments/20040524/6fbfbe26/attachment.pgp>


More information about the xorg mailing list