Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > muc.lists.netbsd.tech.kern > #23525
| Path | csiph.com!weretis.net!feeder8.news.weretis.net!news.szaf.org!3.eu.feeder.erje.net!feeder.erje.net!news2.arglkargh.de!news.karotte.org!news.space.net!news.muc.de!.POSTED.news.muc.de!not-for-mail |
|---|---|
| From | od2uvb@0w.se |
| Newsgroups | muc.lists.netbsd.tech.kern |
| Subject | regarding support of NFS versions (Re: Changing NGROUPS_MAX to 1024?) |
| Date | Mon, 20 Apr 2026 08:41:23 +0200 |
| Organization | Newsgate at muc.de e.V. |
| Sender | tech-kern-owner@NetBSD.org |
| Approved | news-admin@muc.de |
| Distribution | world |
| Message-ID | <aeXKk-cYENGuSa2J@localhost> (permalink) |
| References | <> <202604191353.JAA04942@Stone.Rodents-Montreal.ORG> |
| MIME-Version | 1.0 |
| Content-Type | text/plain; charset=us-ascii |
| Injection-Info | news.muc.de; posting-host="news.muc.de:193.149.48.2"; logging-data="3172"; mail-complaints-to="news-admin@muc.de" |
| Authentication-Results | mail.netbsd.org (amavisd-new); dkim=pass (2048-bit key) header.d=x.fripost.org |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/simple; d=x.fripost.org; h= in-reply-to:content-disposition:content-type:content-type :mime-version:references:message-id:subject:subject:from:from :date:date; s=9df9cdc7e101629b5003b587945afa70; t=1776667306; x= 1778481707; bh=jASsxPg0tZ2iduHVUQ5noarSH+Tjg96W9ZUnFr/SVEE=; b=K +8YW4C7TPefZ/E+MkGWGurYPBPK7ZJhg4DSEJV+vdf1jyY0mQ0sxHUQMQZliFfZ8 0lVGhfBx8W950AKqrPogxd8ykp2LPIlHAjRCpyVDxc8MdPRnkz9/NFD90VDNVrPx WUEx0fFcMWZ2BJKkCDxmq9hb627vimwHn/hHs/dhpVi1QG8Py+ItO3Qq9JeDVIgz XZi1QFNuWBAGb9B9EY/74ih5PBmf3YTKieT15uWlQWCTAYTtlGZJsbIThi1iBOXf BnXIFEG2XBMfIoY56Zk0k6KXdP8abBcU+WpJDWxNyYYymHorIN4isupgMBh9Bbjd b5u7DQvlDQ2dHM/21kbsQ== |
| Content-Disposition | inline |
| In-Reply-To | <202604191353.JAA04942@Stone.Rodents-Montreal.ORG> |
| Precedence | bulk |
| X-Newsgate-Id | f02c70b8849f+ |
| X-No-Archive | Yes |
| Xref | csiph.com muc.lists.netbsd.tech.kern:23525 |
Show key headers only | View raw
On Sun, Apr 19, 2026 at 09:53:48AM -0400, Mouse wrote: > > [...] NFSv3 itself and the security workarounds come with a cost (not > > least the inevitable constraints on the system's management and > > evolution/adjustment). > > Yes, but... > > > Relying on some mainstream OS with support for NFSv4 does not bring > > similar disadvantages. > > ...doesn't it? In my experience, *every* OS, including "mainstream" > ones, comes with its own constraints on system mangement, evolution, > and adjustment. It's a question of tradeoffs: which set of constraints > is less of a problem for the use case in question? Those constraints are there with or without NFS, on NetBSD or otherwise. NFS3 adds to them an inferior security model and forces administration of all the clients to be tightly synchronized with the server(s). > My feeling - deriving largely from my experience - is that NFS > is far more likely to be deployed in a private internal network than > over relatively attackable networks like the open Internet. Do you > have reason to think that feeling is wrong in the large, that "new NFS > installations" predominantly have threat models where on-the-wire > attacks are significant enough for them to find NFSv3 unacceptable? To allow a compromise of a single unit attached to a "protected network" to make most of the data accessible? It makes sense, when the value of the data is so low that no attacker would ever care, or when the network is really small and under total control. This excludes any large/heterogeneous installation with nontrivial data. (yes, adding Kerberos to NFSv3 would improve this, but would leave its other limitations in place) > (Honestly, my guess would be that most of them have not even formulated > their threat model.) Sadly, at least some of them. Fortunately, there are also users and system designers who try to do better. regards, od2uvb -- Posted automagically by a mail2news gateway at muc.de e.V. Please direct questions, flames, donations, etc. to news-admin@muc.de
Back to muc.lists.netbsd.tech.kern | Previous | Next — Previous in thread | Next in thread | Find similar
Re: Changing NGROUPS_MAX to 1024? Mouse <mouse@Rodents-Montreal.ORG> - 2026-04-19 09:53 -0400
NFS security (was: Changing NGROUPS_MAX to 1024?) Edgar Fuß <ef@math.uni-bonn.de> - 2026-04-19 18:54 +0200
Re: Changing NGROUPS_MAX to 1024? Piotr Meyer <aniou+netbsd@smutek.pl> - 2026-04-19 17:16 +0200
regarding support of NFS versions (Re: Changing NGROUPS_MAX to 1024?) od2uvb@0w.se - 2026-04-20 08:41 +0200
Re: regarding support of NFS versions Edgar Fuß <ef@math.uni-bonn.de> - 2026-04-24 17:43 +0200
Re: regarding support of NFS versions Ken Hornstein <kenh@cmf.nrl.navy.mil> - 2026-04-24 12:07 -0400
csiph-web