Path: utzoo!yunexus!geac!syntron!jtsv16!uunet!lll-winken!lll-lcc!ames!pasteur!ucbvax!decwrl!labrea!denali!karish
From: karish@denali.stanford.edu (Chuck Karish)
Newsgroups: comp.unix.wizards
Subject: Re: NFS security
Keywords: root mount NFS
Message-ID: <23289@labrea.Stanford.EDU>
Date: 14 Aug 88 01:56:31 GMT
Article-I.D.: labrea.23289
References: <126@leibniz.UUCP>
Sender: news@labrea.Stanford.EDU
Reply-To: karish@denali.stanford.edu (Chuck Karish)
Organization: Mindcraft, Inc.
Lines: 23

In article <126@leibniz.UUCP> tpc@leibniz.UUCP (Tom Chmara) writes:
>Not sure this is a question requiring wizardly knowledge, but I have
>been informed that NFS is NOT particularly secure; i.e. "root"
>on one machine can wreak havoc on another (I'm not speaking of
>removing files from a r-w directory etc).  The speaker was not
>overly clear about what the hole was, but he smugly assured me that
>he could do much as he pleased if I were to allow him NFS access from
>a machine on which he was root.  Is this a problem with NFS, or
>with the HP or Apollo versions of NFS?

Some implementations of NFS assume that user ID numbers are congruent
on server and client.  This means that a bad guy can empower a
Trojan horse on the remotely-mounted filesystem, then use it from
the server machine to get privileged access.  This would seem to be
a risk only if the user has login access to both machines.

Do current versions of NFS provide a way for managers to control mapping
of user IDs?  IBM's Distributed Services does, but it's not available
from other vendors.

Chuck Karish	ARPA:	karish@denali.stanford.edu
		BITNET:	karish%denali@forsythe.stanford.edu
		UUCP:	{decvax,hplabs!hpda}!mindcrf!karish
		USPS:	1825 California St. #5   Mountain View, CA 94041
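
The UID trust described in this post, viewed from the server side, as an added example that is not part of the original article: a small audit that reads an exports file and reports how each client's UIDs are treated. It assumes the Linux exports(5) syntax and its `root_squash`, `no_root_squash` and `all_squash` options, which postdate this post; the hosts and paths in the sample are constructed.

```python
import re

# Constructed sample in Linux exports(5) syntax; hosts and paths are made up.
SAMPLE_EXPORTS = """\
/export/home   client-a.example(rw,sync) client-b.example(rw,no_root_squash)
/export/pub    *(ro,all_squash,anonuid=65534,anongid=65534)
/export/build  10.0.0.0/24(rw,no_root_squash) \\
               client-c.example(ro)   # continuation line
/export/old    client-d.example
"""

# One client entry: optional host pattern followed by optional "(opt,opt,...)".
ENTRY = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")

def parse_exports(text):
    """Yield (path, client, options) for every client of every export line."""
    for raw in text.replace("\\\n", " ").splitlines():   # fold continuations
        fields = raw.split("#", 1)[0].split(None, 1)     # drop comments
        if len(fields) < 2:
            continue                                     # blank line or no client list
        for client, opts in ENTRY.findall(fields[1]):
            if client or opts:                           # skip empty regex matches
                yield (fields[0], client or "<any host>",
                       set(filter(None, opts.split(","))))

def uid_mapping(opts):
    """Describe how the server treats client-supplied UIDs for this entry."""
    if "all_squash" in opts:
        return "all-squashed"    # every UID mapped to the anonymous user
    if "no_root_squash" in opts:
        return "root-trusted"    # client uid 0 stays uid 0 on the server
    return "root-squashed"       # only uid 0 remapped; other UIDs taken as sent

def audit(text):
    """Return writable exports where a client's root keeps uid 0 on the server."""
    return [(path, client) for path, client, opts in parse_exports(text)
            if uid_mapping(opts) == "root-trusted" and "rw" in opts]

if __name__ == "__main__":
    for path, client, opts in parse_exports(SAMPLE_EXPORTS):
        print(f"{path:14} {client:18} {uid_mapping(opts)}")
    print("review:", audit(SAMPLE_EXPORTS))
```

Entries reported as "root-squashed" still accept every non-zero UID exactly as the client sends it, so they depend on user IDs being congruent across machines.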