Web lists-archives.com

Re: NFS client and untrusted server




On Fri, 24 Nov 2017 21:44:56 -0500
Roberto C. Sánchez wrote:

> NFS is a very old protocol that very likely has as yet undiscovered
> vulnerabilities.  I would expect that the likelihood of there being
> even a theoretical vulnerability that would allow a malicous user on
> the server to gain access to a client would be very low.

Ok. I wasn't sure because it seems rather complex with all this RPC
stuff.

> However, I think you are going about this all wrong.  A backup script
> or program would have to touch/examine every file to determine its
> age, MD5 sum, or whatever other feature drives the backup/no-backup
> decision. NFS is actually a terrible protocol for this sort of thing.

Ok, [1] for example says it's factor two compared to iSCSI.
 
> That is likely to be more secure and I can practically guarantee it
> will have better performance.

That's probably better. I was thinking about NFS because I don't have
enough disks on the backup server. Those files should go to tape.

Thank you for your quick reply!

- Chris


[1]
https://www.usenix.org/legacy/publications/library/proceedings/fast04/tech/full_papers/radkov/radkov_html/head.html