On Wed, 14 Apr 2004, masta wrote: > >>Anyway, in the circumstances pertaining to this thread, aren't we > >>talking about diskless clients in a university lab, and an > >>access-controlled fileserver locked away in a rack somewhere which has > >>the disks? > >> > > > >I have to say that if you're loading your kernel out of TFTP, and your > >root file system is running out of NFS, the chances are you won't mind > >loading /entropy out of NFS. > > > Why? We got a NFSv4 client in base. > Not that this is a highly-likely situation today, I'm just saying anyways. What I'm saying is: DHCP is pretty insecure against local area attacks, as is TFTP, so concerns about storing security-related state in NFS for such systems probably aren't such a big deal. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects robert_at_fledge.watson.org Senior Research Scientist, McAfee ResearchReceived on Wed Apr 14 2004 - 08:44:09 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:51 UTC