>However, if the firewall machine is allowed to mount the disk of an
>internal machine under what condition(s) does this lead to lack of security ?
>This can be a problem if the firewall itself is breached, but if that
>happens, then is everything not already lost ?
Just suppose you gain access to the internal machine whose disk has been
exported and mounted by the firewall machine. It is just reasonable to
conclude that it the remote file system is being mounted that's because
it has something usefull for the firewall itself: executables, datafiles,
Since you've got access to that less protected machine, manipulating those
executable, files, tables you are, in fact, manipulating the firewall
Is that what you want?
And this is just the *SMALLEST* of the possibilities!!!
PADRAO iX Sistemas Abertos Ltda
Solucoes de Informatica
Caixa Postal 3541
+55 61 274-6092 (voice)
+55 61 274-5302 (fax)