NFS security (was: Changing NGROUPS_MAX to 1024?)

To: tech-kern%netbsd.org@localhost
Subject: NFS security (was: Changing NGROUPS_MAX to 1024?)
From: Edgar Fuß <ef%math.uni-bonn.de@localhost>
Date: Sun, 19 Apr 2026 18:54:09 +0200

> Is it?  My feeling - deriving largely from my experience - is that NFS
> is far more likely to be deployed in a private internal network than
> over relatively attackable networks like the open Internet.  Do you
> have reason to think that feeling is wrong in the large, that "new NFS
> installations" predominantly have threat models where on-the-wire
> attacks are significant enough for them to find NFSv3 unacceptable?
> (Honestly, my guess would be that most of them have not even formulated
> their threat model.)
The problem with NFSv3 is that the server believes the client.
So, if one of my 150 clients gets compromised, all user data is compromised.

References:
- Re: Changing NGROUPS_MAX to 1024?
  - From: Konrad Schroder
- Re: Changing NGROUPS_MAX to 1024?
  - From: Taylor R Campbell
- Re: Changing NGROUPS_MAX to 1024?
  - From: Michael van Elst
- Re: Changing NGROUPS_MAX to 1024?
  - From: Brett Lymn
- Re: Changing NGROUPS_MAX to 1024?
  - From: Edgar Fuß
- Re: Changing NGROUPS_MAX to 1024?
  - From: Jason Thorpe
- Re: Changing NGROUPS_MAX to 1024?
  - From: od2uvb
- Re: Changing NGROUPS_MAX to 1024?
  - From: Mouse
- Re: Changing NGROUPS_MAX to 1024?
  - From: od2uvb
- Re: Changing NGROUPS_MAX to 1024?
  - From: Mouse

Prev by Date: Re: tprof(8) ABI
Next by Date: Re: Changing NGROUPS_MAX to 1024?
Previous by Thread: Re: Changing NGROUPS_MAX to 1024?
Next by Thread: Re: Changing NGROUPS_MAX to 1024?
Indexes:

Home | Main Index | Thread Index | Old Index