Bug#869662: gvfs-backends: gvfs-nfs not possible to mount nfs exports with option secure
Simon McVittie
smcv at debian.org
Tue Jul 25 17:33:31 UTC 2017
On Tue, 25 Jul 2017 at 14:47:46 +0200, Stefan Tatschner wrote:
> it is not possible to mount an nfs share using nautilus (which in turn uses
> gvfs-nfs) that is exported with the "secure" option. The nfs secure option is
> the default for nfs exports. It means, that the nfs server does not accept connections
> from an unprivileged source port (portno < 1024).
The "secure" option is meant to mean exactly "only root can mount this".
gvfs isn't root. You asked for it, you got it? :-)
> - Set the cap_net_bind_service capability on the binary "/usr/lib/gvfs/gvfsd-nfs"
That would mean that servers believe that gvfsd-nfs is a trusted,
root-owned process (inasmuch as they trust other machines on the network,
which they probably should not), even when it isn't. Misguided though the
"secure" option is, that seems misleading at best, and in the worst case
potentially a security vulnerability.
S
More information about the pkg-gnome-maintainers
mailing list