>That would have a far higher security payback than simply
>checking that each RPC request comes from a privileged port.

>We would have to keep the ACLs in the kernel, but we could have mountd
>write the up-to-date ACLs into the kernel each time it noticed
>/etc/exports has changed, which is probably `good enough' for most NFS
>usage.

Just to throw a spanner in the works... I have NFS running over
SSL.  Mount requests are authenticated via X.509 certificates
and all RPC's are encrypted with 128bit RC4 or IDEA or 
whatever you like.  This is of course the next version of 
my user space NFS server, http://www.quick.com.au/sjg/sNFS.html
which runs directly under inetd without the portmapper... and 
obviously TCP only.

The reason I raise this is that the changes to the RPC library
were trivial... perhps the same could be done for the in-kernel NFS.
Of course folk in the US. would go broke paying all the patent royalties
but its a nice idea...


--sjg