Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!cs.utexas.edu!sm.unisys.com!hplabs!hpda!hpcuhb!hpcllla!hpclisp!hpclscu!shankar
From: shankar@hpclscu.HP.COM (Shankar Unni)
Newsgroups: comp.unix.wizards
Subject: Re: NFS security
Message-ID: <670028@hpclscu.HP.COM>
Date: 15 Aug 88 00:36:54 GMT
References: <126@leibniz.UUCP>
Organization: HP NSG/ISD California Language Lab
Lines: 16

> removing files from a r-w directory etc).  The speaker was not
> overly clear about what the hole was, but he smugly assured me that
> he could do much as he pleased if I were to allow him NFS access from
> a machine on which he was root.  Is this a problem with NFS, or
> with the HP or Apollo versions of NFS?

Normally, root on a machine (say, A) which NFS-mounts file systems from
another machine (say, B) gets the uid -2 on machine B. He (/she/it) thus
cannot do much damage on B.

However, there is a configurable option to let root on A get a uid of 0
(or anything other than -2) on B. Then of course you're playing with
fire...
--
Shankar Unni.
Hewlett-Packard.
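
An added example, not part of the original post: a small audit that reports which clients of an export have root mapped to anything other than -2. It assumes the Linux `exports(5)` syntax (`root_squash` as the default, `no_root_squash`, `all_squash`, `anonuid=`), which the post does not mention; the paths and host names in the sample are constructed.

```python
import re

NOBODY = -2  # the uid the post says remote root normally gets on the server
CLIENT = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")  # host, host(opts) or (opts)

def root_maps_to(options):
    """Return the uid that client root ends up with under these options."""
    anon = NOBODY
    for opt in options:
        if opt.startswith("anonuid="):
            anon = int(opt.split("=", 1)[1])
    if anon == 65534:            # -2 seen as an unsigned 16-bit uid
        anon = NOBODY
    # root_squash is the default; all_squash squashes every uid, root included.
    # Any no_root_squash without all_squash is treated as unsquashed (audit bias).
    squashed = "all_squash" in options or "no_root_squash" not in options
    return anon if squashed else 0

def audit(exports_text):
    """List (path, client, uid) for every client whose root is not mapped to -2."""
    findings = []
    text = exports_text.replace("\\\n", " ")        # join continuation lines
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop comments
        if not fields:
            continue
        path, defaults = fields[0], []              # assumes no spaces in the path
        for token in fields[1:]:
            if token.startswith("-"):               # "-opt,opt": defaults for later clients
                defaults = token[1:].split(",")
                continue
            match = CLIENT.match(token)
            if not match:
                continue
            options = defaults + (match.group(2) or "").split(",")
            uid = root_maps_to(options)
            if uid != NOBODY:
                findings.append((path, match.group(1) or "*", uid))
    return findings

# Constructed sample input, not taken from any real system.
SAMPLE = """\
/export/home   hostA(rw)  hostB(rw,no_root_squash)
/export/tools  -ro,no_root_squash  hostC  hostD(all_squash)
/export/src    hostE(rw,anonuid=0) \\
               hostF(rw,anonuid=65534)
"""

if __name__ == "__main__":
    for path, client, uid in audit(SAMPLE):
        print(f"{path}: root on {client} becomes uid {uid} on the server")
```
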