Re: (OT) The NFS security system

To: Raffaele Sandrini <rasa@gmx.ch>
Cc: debian-user@lists.debian.org
Subject: Re: (OT) The NFS security system
From: David Wright <ichbin@shadlen.org>
Date: Fri, 13 Sep 2002 12:32:55 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.4.44.0209131224110.7616-100000@herbie.shadlen.org>
In-reply-to: <[🔎] 200209131835.09893.rasa@gmx.ch>

> Hmm i assumed that... but thats very bad... I mean, that makes NFS unusable in
> a LAN wich needs to be protected also against its own users. Every user can
> just connect his Laptop to the network and "surf" as root in the NFS
> shares... so you need the squash root everywhere and that makes it unusuable
> for system things like nfsroot :-((

NFS security sucks, but it doesn't suck that badly. If you export only to
the IP addresses of machines that you manage AND you export with the
secure flag (meaning that client requests are required to originate from
port numbers that only root is allowed to use), your malicious local users
will not be able to impersonate others as you describe.

Of course, by hijacking a trusted IP or rooting one of your NFS clients,
they still could. But these things are harder than just sending out a fake
UID. If you want to avoid these sorts of attacks, you'll need to use NFS
v4 or OpenAFS or Coda. These systems support certificate or ticket based
authentication.

For more info on NFS security and other issues, see the whitepaper at
  http://www.metaconsultancy.com/whitepapers/

Reply to:

References:
- Re: (OT) The NFS security system
  - From: Raffaele Sandrini <rasa@gmx.ch>

Prev by Date: Re: Truetype fonts in mozilla/galeon
Next by Date: Re: Writing a kernel building walkthrough - proofreaders wanted
Previous by thread: Re: (OT) The NFS security system
Next by thread: Re: (OT) The NFS security system
Index(es):
- Date
- Thread