Secure NFS on Linux?
Hey, all. I feel bad because this is my first post in about a million years, and it's a question, but here goes. Is there any way to make NFS even vaguely secure on Linux? I'm thinking something like sec=dh on Solaris, but _anything_ that will stop a random unix host from being able to access everything on our shares would be fine. -Robin -- http://www.csclub.uwaterloo.ca/~rlpowell/ BTW, I'm male, honest. le datni cu djica le zifre .iku'i .oi le so'e datni cu to'e te pilno je xlali -- RLP http://www.lojban.org/
actually the NSA Secure Linux program has that as an action item. check out http://www.nsa.gov/selinux/index.html the thing to remember is that 'secure' in the SELinux project means implementing mandatory access control, not producing a better disk encryption system or whatever. btw, i've been using the various builds of the system since the inception of the program...i think it's worth the effort to try it out. amazing how insecure linux is out in the wild. pz
-----Original Message----- From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM]On Behalf Of Robin Lee Powell Sent: Friday, April 06, 2001 1:43 PM To: cypherpunks@Algebra.COM Subject: Secure NFS on Linux?
Hey, all. I feel bad because this is my first post in about a million years, and it's a question, but here goes.
Is there any way to make NFS even vaguely secure on Linux? I'm thinking something like sec=dh on Solaris, but _anything_ that will stop a random unix host from being able to access everything on our shares would be fine.
-Robin
-- http://www.csclub.uwaterloo.ca/~rlpowell/ BTW, I'm male, honest. le datni cu djica le zifre .iku'i .oi le so'e datni cu to'e te pilno je xlali -- RLP http://www.lojban.org/
On Fri, Apr 06, 2001 at 08:25:21PM -0400, Phillip H. Zakas wrote:
actually the NSA Secure Linux program has that as an action item. check out http://www.nsa.gov/selinux/index.html the thing to remember is that 'secure' in the SELinux project means implementing mandatory access control, not producing a better disk encryption system or whatever.
<nod> And that's all I want: good authentication/access control. Is their nfs code finished? Is it portable to other linuxes? -Robin -- http://www.csclub.uwaterloo.ca/~rlpowell/ BTW, I'm male, honest. le datni cu djica le zifre .iku'i .oi le so'e datni cu to'e te pilno je xlali -- RLP http://www.lojban.org/
no, the nfs stuff is not finished, not sure if anyone has actually made any serious progress on it yet. as for portability, the entire work is based on flask, so the security server is actually a kernel subsystem. that means it's pretty portable (for example, if you're upgrading to 2.4.2 you're ok). many of the testers are using the red hat distro, i personally prefer debian. phillip
-----Original Message----- From: owner-cypherpunks@Algebra.COM [mailto:owner-cypherpunks@Algebra.COM]On Behalf Of Robin Lee Powell Sent: Saturday, April 07, 2001 9:59 PM To: cypherpunks@Algebra.COM Subject: Re: Secure NFS on Linux?
On Fri, Apr 06, 2001 at 08:25:21PM -0400, Phillip H. Zakas wrote:
actually the NSA Secure Linux program has that as an action item. check out http://www.nsa.gov/selinux/index.html the thing to remember is that 'secure' in the SELinux project means implementing mandatory access control, not producing a better disk encryption system or whatever.
<nod> And that's all I want: good authentication/access control.
Is their nfs code finished? Is it portable to other linuxes?
-Robin
-- http://www.csclub.uwaterloo.ca/~rlpowell/ BTW, I'm male, honest. le datni cu djica le zifre .iku'i .oi le so'e datni cu to'e te pilno je xlali -- RLP http://www.lojban.org/
participants (2)
-
Phillip H. Zakas
-
Robin Lee Powell