From: "J. Bruce Fields" <bfields@fieldses.org>
To: Steve Dickson <SteveD@redhat.com>
Cc: Trond Myklebust <trond.myklebust@primarydata.com>,
Jan Chaloupka <jchaloup@redhat.com>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH] mountd.man: mountd tcp wrappers support only NFS v2/v3
Date: Wed, 24 Sep 2014 13:04:21 -0400 [thread overview]
Message-ID: <20140924170421.GA7365@fieldses.org> (raw)
In-Reply-To: <5422E18E.2080905@RedHat.com>
On Wed, Sep 24, 2014 at 11:21:50AM -0400, Steve Dickson wrote:
>
>
> On 09/23/2014 04:41 PM, Trond Myklebust wrote:
> > On Tue, Sep 23, 2014 at 3:07 AM, Jan Chaloupka <jchaloup@redhat.com> wrote:
> >> mountd tcp wrappers support only NFSv2 and NFSv3, not NFSv4.
> >>
> >> https://bugzilla.redhat.com/show_bug.cgi?id=1116283
> >>
> >> This patch updates the man page
> >>
> >> Signed-off-by: Jan Chaloupka <jchaloup@redhat.com>
> >> ---
> >> utils/mountd/mountd.man | 2 ++
> >> 1 file changed, 2 insertions(+)
> >>
> >> diff --git a/utils/mountd/mountd.man b/utils/mountd/mountd.man
> >> index a8828ae..1aae75b 100644
> >> --- a/utils/mountd/mountd.man
> >> +++ b/utils/mountd/mountd.man
> >> @@ -217,6 +217,8 @@ listeners using the
> >> .B tcp_wrapper
> >> library or
> >> .BR iptables (8).
> >> +Tcp wrappers are only in effect with NFS version 2 and 3 mounts.
> >> +They do not work with NFS version 4.
> >> .PP
> >> Note that the
> >> .B tcp_wrapper
> >>
> >
> > Is there any point to compiling mountd with the tcp wrappers in this
> > day and age?
> >From an upstream point of view... Sure... But I don't think
> we can remove them from the man pages...
>
>
> > tcp wrappers isn't enforced by knfsd, so as the above
> > manpage change indicates it really is only blocking NFSv2/v3 _mount_
> > attempts.
> >
> > If you can use NFSv4, or sniff the NFSv2/v3 traffic or even just guess
> > NFSv2/v3 filehandles, then tcp wrappers can be 100% circumvented.
> >
> You would be surprised on the amount of people that still use
> them...
I'd also be surprised if any of them really understand how little they
do in this case.
--b.
next prev parent reply other threads:[~2014-09-24 17:04 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-23 7:07 [PATCH] mountd.man: mountd tcp wrappers support only NFS v2/v3 Jan Chaloupka
2014-09-23 20:41 ` Trond Myklebust
2014-09-24 15:21 ` Steve Dickson
2014-09-24 17:04 ` J. Bruce Fields [this message]
2014-09-24 17:18 ` Trond Myklebust
-- strict thread matches above, loose matches on Subject: below --
2014-09-23 7:14 Jan Chaloupka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140924170421.GA7365@fieldses.org \
--to=bfields@fieldses.org \
--cc=SteveD@redhat.com \
--cc=jchaloup@redhat.com \
--cc=linux-nfs@vger.kernel.org \
--cc=trond.myklebust@primarydata.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.