Re: CERT, about NFS

Scott Schwartz (
Thu, 22 Dec 1994 01:48:17 -0500

> They're just really making sure.  You're right, some of it is redundant.

It's just flatly amazing to me how much hard labor people will happily
endure while never addressing the real, easily fixed, bug; namely that
NFS uses unauthenticated RPC by default.

Not shipping kerberos (or the functional equivalent) as a fully
integrated part of one's OS is a lot like shipping a cpu whose fdiv
instruction doesn't work.

Just my humble opinion.