Re: nfsd lacks support for tcp_wrapper

From: Alfred Perlstein (bright@wintelcom.net)
Date: 01/31/01


Date: Tue, 30 Jan 2001 17:26:18 -0800
From: Alfred Perlstein <bright@wintelcom.net>
To: Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at>


* Gerald Pfeifer <pfeifer@dbai.tuwien.ac.at> [010130 17:10] wrote:
> Unless we completely missed something, nfsd does lack support for
> tcp_wrapper, doesn't it?
>
> As NFS is a rather critical security-wize this seems like a big omission.
>
> (Many sites, like ours, just cannot avoid using NFS, so it would be nice
> to be able to easily restrict the address range clients are allowed to
> connect from.)
>
> Or are we just missing something?

Missing the fact that nfsd is an in-kernel process and therefore
pretty hard to link against libwrap. Otherwise... i dunno, use
ipfw? :)

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


Relevant Pages

  • rpc-srv/tcp: nfsd: sent only -107 bytes (fwd)
    ... Currently running 64 NFS daemons. ... Kernel 2.4.21-32.0.1.EL.XFSsmp is the kernel recompiled from same ... Two NFS clients running 2.4.21-37.ELsmp, namely fnpcg, fngp-osg. ... NFS mailing list archives suggested to increase the number of NFSD, ...
    (Linux-Kernel)
  • Re: Slow file transfer speeds with CFQ IO scheduler in some cases
    ... you to try this patch is that nfsd may be farming off the I/O requests ... to different threads which are then performing interleaved I/O. ... above patch tries to detect this and allow cooperating processes to get ... but I get "oops" same moment nfs read transfer starts. ...
    (Linux-Kernel)
  • Re: Trouble with NFSd under 6.1-Stable, any ideas?
    ... something is wrong with NFS. ... nfsd starts to eats lots of CPU ...
    (freebsd-stable)
  • Re: nfsd lacks support for tcp_wrapper
    ... > Missing the fact that nfsd is an in-kernel process and therefore ... why nfsd shouldn't honor /etc/hosts.allow. ... mountd will do the right magic to tell the kernel what ... And having multiple lines of defense seems like a good idea. ...
    (FreeBSD-Security)
  • Re: Trouble with NFSd under 6.1-Stable, any ideas?
    ... > NFS came to a crawl, and CPU usage so high the box appears to freeze almost. ... nfsd starts to eats lots of CPU ...
    (freebsd-stable)