Subject: Re: nfs - export file
To: None <port-i386@netbsd.org>
From: Andrew Brown <atatat@atatdot.net>
List: port-i386
Date: 09/27/2001 14:49:19
> Note that the -alldirs option should not be used as a security
> measure to make clients mount only those subdirectories that they
> should have access to. A client can still access the whole
> filesystem via individual RPCs if it wanted to, even if just one
> subdirectory has been mounted
can't we leverage vn_isunder() to provide a little bit of the security
that this paragraph says is not possible? or am i confusing too many
different things?
--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."