NFS HOWTO : Security and NFS : Summary
Previous: NFS and firewalls
Next: Mount Checklist

6.5. Summary

If you use the nosuid and privileged port features in the portmapper/NFS software, you avoid many of the presently known bugs in NFS and can almost feel secure about that, at least. But even after all that, when an intruder has access to your network, s/he can make strange commands appear in your .forward or read your mail when /home or /var/mail is NFS exported. For the same reason, you should never access your PGP private key over NFS, or at least you should know the risk involved. And now you know a bit of it.
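A quick client-side check for the points above, added here as an example and not part of the original HOWTO: it reads an fstab-format file and reports NFS mounts that lack nosuid or that put /home or /var/mail on NFS. The function names and the sample hosts and paths are made up for illustration, the usual six-column fstab layout is assumed, and the privileged port setting is not checked.

```sh
#!/bin/sh
# Added example: audit an fstab-format file for risky NFS mounts.

# audit_nfs_fstab FILE   ("-" reads standard input)
# Prints one finding per line as "<mountpoint>: <problem>".
audit_nfs_fstab() {
    awk '
    # True when path p is base itself or lies below it.
    function under(p, base) { return p == base || index(p, base "/") == 1 }

    /^[ \t]*#/ || NF < 4 { next }   # skip comments, blanks, short lines
    $3 !~ /^nfs4?$/      { next }   # only NFS filesystem types
    {
        mnt = $2
        n = split($4, opts, ",")    # options are comma separated
        nosuid = 0
        for (i = 1; i <= n; i++)
            if (opts[i] == "nosuid") nosuid = 1
        if (!nosuid)
            print mnt ": missing nosuid"
        if (under(mnt, "/home") || under(mnt, "/var/mail"))
            print mnt ": home or mail data carried over NFS"
    }' "$1"
}

# Constructed sample fstab; hosts and export paths are invented.
sample_fstab() {
    cat <<'EOF'
# Device           Mountpoint  FStype  Options       Dump Pass
/dev/ada0p2        /           ufs     rw            1    1
fs1:/export/home   /home       nfs     rw,nosuid     0    0
fs1:/export/mail   /var/mail   nfs     rw            0    0
fs1:/export/src    /usr/src    nfs     ro,nosuid     0    0
fs2:/export/tools  /opt/tools  nfs     rw,bg         0    0
EOF
}

# Audit the file named on the command line, or the sample if none is given.
if [ "$#" -gt 0 ]; then
    audit_nfs_fstab "$1"
else
    sample_fstab | audit_nfs_fstab -
fi
```

A mount that is flagged only for carrying home or mail data is not misconfigured; the finding is a reminder that anything read or written there crosses the network.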

NFS and the portmapper make up a complex subsystem, and therefore it's not totally unlikely that new bugs will be discovered, either in the basic design or in the implementation we use. There might even be holes known now that someone is abusing. But that's life. To keep abreast of things like this, you should, at an absolute minimum, read the mailing list freebsd-security@FreeBSD.org.

