• caglararli@hotmail.com
  • 05386281520

What is insecure about the "insecure" option of NFS exports?

Çağlar Arlı      -    39 Views

What is insecure about the "insecure" option of NFS exports?

Why is it considered insecure for an NFS export to allow connections originating from high ports? Compare the manual:

exportfs understands the following export options:

secure

This option requires that requests originate on an Internet port less than IPPORT_RESERVED (1024). This option is on by default. To turn it off, specify insecure.

https://linux.die.net/man/5/exports#content:~:text=General%20Options

Why does it matter which port the request is coming from? Shouldn't the client be free to choose whatever port they like?

The only benefit I see is in a company environment where no regular user has admin rights even on their own system. In this case, the secure setting prohibits using NFS clients not sanctioned by the IT administration. Is that the reason, or what am I overlooking?