FQDN in rw=list for share_nfs required?

Post by Colin Wils » Wed, 15 May 1996 04:00:00



I want to add an access list of hosts to some NFS shared directories
in Solaris 2.4.  Apparently the access mechanism requires
fully qualified names.  This is doable, but I'm curious if
there is a patch which would let me use the simple name, like
the root= qualifier does.  Any hints?  I'm new to administering
Solaris, so I may have missed something obvious.

Colin
-----
Colin Wilson                      |     A mind once stretched by a new idea
Dept of Molecular Biotechnology   |     never regains its original dimension.
University of Washington          |               - Oliver Wendell Holmes
Box 357730
Seattle, WA  98195-7730

 
 
 

1. flexlm on HPs requires rw-rw-rw- on /dev/lan0



  [ First off, tell them to type
  % uname -a
  HP-UX roissy A.09.01 A 9000/710 2000058403 two-user license
                                  ^^^^^^^^^^
  and look at this number.  HP says it is unique per machine and will
  stay the same if HP replaces your board.  They don't make the same
  claim about your ethernet address.
  ]

HP doesn't support promiscuous mode through /dev/lan0, so you cannot
eavesdrop on the net as a whole.  You can't send ethernet frames that
look like they came from a different computer.  You can't send or receive
ethernet frames with a type field that is in use by some other thing
in your computer, so you can't spoof IP because the kernel has already
claimed that protocol-type for itself.  You can't reset the interface
unless you are root.  [This is all determined from a machine that
*doesn't* have the STREAMS add-on.]

Now for the security holes:

If there is *any* protocol in use on your network that your HP box is
*not* using, that protocol can be spoofed from your machine through the
/dev/lan0 interface.  This could mean Novell or DECNET or it could just
mean gobs of broadcast packets containing the string "YADDA YADDA YADDA".

Don't forget that routers often are set up to forward more than just
IP packets.  For example, the network here also forwards IPX packets,
so I could use my HP to attack a Novell machine on the other side of
the campus, if I was willing to implement Novell protocols as user
level code.
