Re: [PATCH nfs-utils] exportfs: make "insecure" the default for all exports

[Chuck Lever <chuck.lever@oracle.com>]

On 5/13/25 11:14 AM, Lionel Cons wrote:
> On Tue, 13 May 2025 at 15:50, Jeff Layton <jlayton@kernel.org> wrote:
>>
>> Back in the 80's someone thought it was a good idea to carve out a set
>> of ports that only privileged users could use. When NFS was originally
>> conceived, Sun made its server require that clients use low ports.
>> Since Linux was following suit with Sun in those days, exportfs has
>> always defaulted to requiring connections from low ports.
>>
>> These days, anyone can be root on their laptop, so limiting connections
>> to low source ports is of little value.
>>
>> Make the default be "insecure" when creating exports.
>>
>> Signed-off-by: Jeff Layton <jlayton@kernel.org>
>> ---
>> In discussion at the Bake-a-thon, we decided to just go for making
>> "insecure" the default for all exports.
> 
> This patch is one of the WORST ideas in recent times.
> 
> While your assessment might be half-true for the average home office,
> sites like universities, scientific labs and enterprise networks
> consider RPC traffic being restricted to a port below 1024 as a layer
> of security.
> 
> The original idea was that only trusted people have "root" access, and
> only uid=0/root can allocate TCP ports below 1024.
> That is STILL TRUE for universities and other sides, and I think most
> admins there will absolutely NOT appreciate that you disable a layer
> of security just to please script kiddles and wanna-be hackers.
> 
> I am going to fight this patch, to the BITTER end, with blood and biting.

Lionel, your combative attitude is not helpful. You clearly did not read
Jeff's patch, nor do you understand how network security is implemented.
Checking the source port was long ago deemed completely useless, no more
secure than ROT13. Solaris NFS servers have not checked the client's
source port for many many years, for example.

Most of the contributors and maintainers here were first employed by
universities. We're well aware of the security requirements in those
environments and how university IT departments meet those requirements.
Any environment that requires security uses a solution based on
cryptography, such as Kerberos or TLS.

Jeff can, of course, ably defend his work. The reason I'm responding in
this email thread is to make this general comment to the list:

This mailing list is not a help desk, nor is it a users group, nor is it
a place where you can come and ask for new features without providing a
single use case. This is a discussion list for contributors to the Linux
in-kernel NFS implementation. The active word in that last sentence is
"contributor".

If you can't follow along or do not understand a posting, please do not
respond to it. Or if you must respond, first ask for clarification -- if
something seems outrageous to you, it is highly likely that you do not
understand what you read.

Think carefully before you post on a public mailing list, and please
respect your readers' time and attention.


-- 
Chuck Lever