> > 1. Do *not* self-reference an NFS server in its own exports file. > > 2. Do not allow the exports file to contain a "localhost" entry. > > Anyone know why these are recommended? As far as I can see, if your > portmapper doesn't do proxy calls and/or you firewall out port 111, and > you don't care about local attacks, neither C.1 nor C.2 will buy you > anything further. Am I missing something, or are these bits of advice > simply there for people who don't do A and B? I recall an old bug (possibly in a CERT advisory) about NFS and exporting to localhost. I can't remember what it is off the top of my head, and I'm not at school to look it up, but I think it was something along the lines of if you mounted a filesystem to localhost permissions were no longer checked for some reason. Of course, if you don't worry about local attacks it's not a problem, but many of us do. Someone with easy access to CERT advisories might want to look back a year or so and see waht all the "localhost NFS bug" entailed.