Dear Linux-NFS people, NFS has always had the root_squash option, to protect against a remote and possibly evil root. NFS should also protect all privileged, or at least all root-equivalent, UIDs and GIDs. Many UNIX distributions have root-equivalent GIDs, groups whose members could easily become root, some listed in http://bugs.debian.org/299007#219 . Currently, NFS has no ways to protect privileged UIDs and GIDs other than root himself. Such options should be implemented, to make NFS safer and more useful. As I understand it, the hold-up is not within NFS code, but with kernel interfaces not supporting lists of squashed entities. I am asking you to devise and implement such interfaces. References: http://bugs.debian.org/299007 http://bugs.debian.org/384922 http://bugs.debian.org/538392 https://bugzilla.kernel.org/show_bug.cgi?id=14295 Thanks, Paul Paul Szabo psz@xxxxxxxxxxxxxxxxx http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
