From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Ronald G. Minnich" To: 9fans@cse.psu.edu Subject: Re: [9fans] fs administration: how do people update multi-user fs? In-Reply-To: <3E4D2482.3020204@nas.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Date: Fri, 14 Feb 2003 10:47:16 -0700 Topicbox-Message-UUID: 6028d6e0-eacb-11e9-9e20-41e7f4b1d025 On Fri, 14 Feb 2003, Jack Johnson wrote: > Ronald G. Minnich wrote: > > A few things I've noticed in recent years, esp. on Linux > > - you need to be root more than you used to > > - more priveleged ports, not less > > I agree with you in the other areas, but it seems that we're trading > services, not necessarily adding services. yeah but. Some are new, some old, some just moved, all assume that priv ports somehow covers the problems. Each one of these new nice services makes you more vulnerable. The problem is we're continuing to glue stuff onto a system that probably can't be fixed, and nobody seems to care too much. Priv ports have been known to be a hack forever, but we use them more than ever. This seems a bad trend. I was also thinking of the move of the NFS port from 2049 to priv space. That was a really insecure protocol, and it still is: people seem to feel that moving it to priv space somehow made things better. Kind of funny, isn't it? After all, nobody can just boot dos and run a little code, right? ron