Path: utzoo!yunexus!geac!syntron!jtsv16!uunet!lll-winken!lll-lcc!ames!pasteur!ucbvax!decwrl!labrea!denali!karish
From: karish@denali.stanford.edu (Chuck Karish)
Newsgroups: comp.unix.wizards
Subject: Re: NFS security
Keywords: root mount NFS
Message-ID: <23289@labrea.Stanford.EDU>
Date: 14 Aug 88 01:56:31 GMT
Article-I.D.: labrea.23289
References: <126@leibniz.UUCP>
Sender: news@labrea.Stanford.EDU
Reply-To: karish@denali.stanford.edu (Chuck Karish)
Organization: Mindcraft, Inc.
Lines: 23

In article <126@leibniz.UUCP> tpc@leibniz.UUCP (Tom Chmara) writes:
>Not sure this is a question requiring wizardly knowledge, but I have
>been informed that NFS is NOT particularly secure; i.e. "root"
>on one machine can wreak havoc on another (I'm not speaking of
>removing files from a r-w directory etc). The speaker was not
>overly clear about what the hole was, but he smugly assured me that
>he could do much as he pleased if I were to allow him NFS access from
>a machine on which he was root. Is this a problem with NFS, or
>with the HP or Apollo versions of NFS?

Some implementations of NFS assume that user ID numbers are
congruent on server and client. This means that a bad guy can
empower a Trojan horse on the remotely-mounted filesystem, then use
it from the server machine to get privileged access. This would
seem to be a risk only if the user has login access to both machines.

Do current versions of NFS provide a way for managers to control
mapping of user ID's? IBM's Distributed Services does, but it's not
available from other vendors.

Chuck Karish
ARPA: karish@denali.stanford.edu
BITNET: karish%denali@forsythe.stanford.edu
UUCP: {decvax,hplabs!hpda}!mindcrf!karish
USPS: 1825 California St. #5 Mountain View, CA 94041
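
Added example, not part of the original post: a small Python audit for the two settings that bear on the UID-trust problem described above, namely an export that lets client root act as server root and an NFS mount that honours setuid bits. It assumes Linux exports(5) and /proc/mounts syntax, which the post does not discuss; the function names and all sample lines are constructed.

```python
import re

# Constructed sample in Linux exports(5) syntax (an assumption, not from the post).
SAMPLE_EXPORTS = """\
# path     client(options) ...
/home      client1.example.com(rw,root_squash) client2.example.com(rw,no_root_squash)
/srv/pub   *(ro,all_squash,anonuid=65534)
/scratch   10.0.0.0/24(rw)
"""

# Constructed sample in /proc/mounts format: device, mountpoint, type, options.
SAMPLE_MOUNTS = """\
server:/home /mnt/home nfs rw,nosuid,nodev,vers=3 0 0
server:/scratch /mnt/scratch nfs4 rw,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""

# One client entry: optional host pattern, optional "(opt,opt,...)".
SPEC_RE = re.compile(r"([^()]*)(?:\(([^()]*)\))?")

def audit_exports(text):
    """Return (path, client, issue) for exports where client root is not remapped."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = SPEC_RE.fullmatch(spec)
            if not m:
                continue
            host = m.group(1) or "*"          # empty host means any client
            opts = set(filter(None, (m.group(2) or "").split(",")))
            # root_squash is the exports(5) default; only the explicit opt-out is flagged.
            if "no_root_squash" in opts:
                findings.append((path, host, "client root maps to server root"))
    return findings

def audit_mounts(text):
    """Return (mountpoint, source, issue) for NFS mounts that honour setuid bits."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in ("nfs", "nfs4"):
            continue
        if "nosuid" not in fields[3].split(","):
            findings.append((fields[1], fields[0], "setuid files on this mount are honoured"))
    return findings

if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS) + audit_mounts(SAMPLE_MOUNTS):
        print(*finding, sep="  ")
```
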