Robert Watson rwatson at FreeBSD.ORG
Wed Apr 14 10:44:09 PDT 2004

On Wed, 14 Apr 2004, masta wrote:

> >>Anyway, in the circumstances pertaining to this thread, aren't we
> >>talking about diskless clients in a university lab, and an
> >>access-controlled fileserver locked away in a rack somewhere which has
> >>the disks? 
> >>
> >
> >I have to say that if you're loading your kernel out of TFTP, and your
> >root file system is running out of NFS, the chances are you won't mind
> >loading /entropy out of NFS.
> >
> Why? We got an NFSv4 client in base.
> Not that this is a highly-likely situation today, I'm just saying anyways.

What I'm saying is: DHCP is pretty insecure against local area attacks, as
is TFTP, so concerns about storing security-related state in NFS for such
systems probably aren't such a big deal.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at      Senior Research Scientist, McAfee Research

More information about the freebsd-current mailing list