Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!ucsd!tut.cis.ohio-state.edu!cs.utexas.edu!uunet!tank!eecae!netnews.upenn.edu!dccs.upenn.edu!litwack
From: litwack@dccs.upenn.edu (Mark Litwack)
Newsgroups: comp.unix.ultrix
Subject: Re: Domain names & /etc/exports
Message-ID: <16145@netnews.upenn.edu>
Date: 30 Oct 89 22:50:26 GMT
References: <1050@crltrx.crl.dec.com> <13019@boulder.Colorado.EDU>
Sender: news@netnews.upenn.edu
Distribution: comp
Organization: University of Pennsylvania
Lines: 16


> It's a mountd misfeature.  What happens is this:
>
>	- mounted receives a request from a.b.c.d (address)
>	- it looks up the address to get the name
>	- it matches the string it gets back against the names
>		in the exports file

Not quite.  The name that is matched is the name that the requesting
machine sends the server.  It's strange to do the security check this
way because a requesting machine could lie about its name.

You have to start /etc/mountd with the -i option to make it verify
the IP address as described above (which is not the DEC default).

-mark