Path: utzoo!utgpu!attcan!uunet!lll-winken!lll-tis!ames!necntc!dandelion!ulowell!arosen@eagle.ulowell.edu
From: arosen@eagle.ulowell.edu (MFHorn)
Newsgroups: comp.unix.wizards
Subject: Re: NFS security
Message-ID: <8610@swan.ulowell.edu>
Date: 14 Aug 88 19:35:46 GMT
References: <23289@labrea.Stanford.EDU>
Sender: news@swan.ulowell.edu
Lines: 33

From article <23289@labrea.Stanford.EDU>, by karish@denali.stanford.edu
	(Chuck Karish):
> In article <126@leibniz.UUCP> tpc@leibniz.UUCP (Tom Chmara) writes:
>>I have
>>been informed that NFS is NOT particularly secure; i.e. "root"
>>on one machine can wreak havoc on another

An NFS server maps uid 0 from incoming RPC requests to 'nobody', which
is configured into the kernel.  If 'nobody' is set to 0, then anyone
with root access on another machine can get it on yours.  The default
setting for nobody is (in most implementaions) -2.

Also, if you don't export any filesystmes to a particular host, that
host can do nothing to your host even if nobody is set to 0.  [NFS
under Ultrix maps nobody per exported filesystem.]

> Some implementations of NFS assume that user ID numbers are congruent
> on server and client.  This means that a bad guy can empower a
> Trojan horse on the remotely-mounted filesystem, then use it from
> the server machine to get privileged access.

If root access is refused (see above), then the bad guy won't be able
to create a set-uid root file on the server.

> Do current versions of NFS provide a way for managers to control mapping
> of user ID's?

The kernel can only map uid 0.  Yellow Pages, a service provided with
NFS, helps managers maintain a network-wide password file.

Andy Rosen           | arosen@hawk.ulowell.edu | "I got this guitar and I
ULowell, Box #3031   | ulowell!arosen          |  learned how to make it
Lowell, Ma 01854     |                         |  talk" -Thunder Road
                   RD in '88 - The way it should be