
Comment: Re: NFS + SSH is a security hole (Score 1) 98

by goarilla (#47515259) Attached to: Ask Slashdot: Linux Login and Resource Management In a Computer Lab?

No, he was putting public keys (not private) into a home directory. Specifically, the user was root which was only possible because a) /root was exported (via exporting /), b) root squash wasn't enabled. Yes, nfs3 is fundamentally insecure. Any vaguely competent sysadmin knows this and knows to take appropriate precautions.

And what's the appropriate action besides root_squash and proper host access control (/etc/exports, tcp wrappers, firewall, etc.)?
It still doesn't do any real authentication.

Comment: Re:Systemd? Not on my system... (Score 1) 224

by goarilla (#47495137) Attached to: X.Org Server 1.16 Brings XWayland, GLAMOR, Systemd Integration

TCP isn't noticeably more secure than UDP - the extra fields in TCP are unsigned and can be spoofed too.

But it's a lot harder since you need to have the server believe you've established a connection and can't just dump spoofed data on the wire like with UDP.

Thus, security is implemented on top of the transport layer, where it works just as well for udp as tcp. The advantage of udp then is that you get more payload per encrypted or signed unit, thus higher speed.

What are you talking about: NFSv4? ipsec? What is this security you speak of?

Comment: Re:Systemd? Not on my system... (Score 1) 224

by goarilla (#47493681) Attached to: X.Org Server 1.16 Brings XWayland, GLAMOR, Systemd Integration

Also, avoid distros that set up NFS to use tcp instead of the default udp. That's a huge performance killer, and not needed unless you use hubs instead of switches or need to tunnel the traffic.)

I'm not avoiding a distro if it chooses tcp over udp.
Isn't using UDP instead of TCP removing that last bit of pseudo-security NFS has?
Aren't you now vulnerable to all sorts of spoofing mayhem?

Comment: Re:So... (Score 1) 224

by goarilla (#47492953) Attached to: X.Org Server 1.16 Brings XWayland, GLAMOR, Systemd Integration

init doesn't manage services. Services are either managed by inetd or by themselves. init only has to start the services.

That's not completely true: init (re)spawns (a|min)getties on the ttys. So it does some monitoring of its "special" children.
Whether this is feature creep and/or an exception I don't know.

Comment: Re:Soon... (Score 1) 224

by goarilla (#47488173) Attached to: X.Org Server 1.16 Brings XWayland, GLAMOR, Systemd Integration

The only problem with Macs is that people hoard them instead of throwing them in the trash where they belong. Else I would have picked up a Mac Mini on the ground, installed BootCamp on it and then it would be about good enough as a DHCP server and porn storage unit.

So you want one but can't get one through "dumpster diving". Oh, poor you.
