On Tue, May 13, 2025 at 3:50 PM Jeff Layton <jlayton@xxxxxxxxxx> wrote: > > Back in the 80's someone thought it was a good idea to carve out a set > of ports that only privileged users could use. When NFS was originally > conceived, Sun made its server require that clients use low ports. > Since Linux was following suit with Sun in those days, exportfs has > always defaulted to requiring connections from low ports. > > These days, anyone can be root on their laptop, so limiting connections > to low source ports is of little value. > > Make the default be "insecure" when creating exports. I made a poll webpage for our sysadmins about what they think about this change. Out of 26 people allowed to vote 24 voted "BAD idea, keep the secure option the default", and two didn't vote. So this is a change which is virtually 100% hated by the people primarily affected by such a change. Sebi -- Sebastian Feld - IT security consultant
