Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!sharkey!oxtrap!time
From: time@oxtrap.oxtrap.UUCP (Tim Endres)
Newsgroups: comp.protocols.nfs
Subject: Re: Unix Authorization Info
Message-ID:
Date: 28 Jul 89 17:53:50 GMT
References: <892@jupiter.UUCP>
Sender: time@oxtrap.uucp (Tim Endres)
Reply-To: time@oxtrap.UUCP
Distribution: usa
Organization: Oxtrap - Ann Arbor, MI
Lines: 13
In-reply-to: bob@jupiter.UUCP's message of 26 Jul 89 22:56:18 GMT

In article <892@jupiter.UUCP> bob@jupiter.UUCP (Bob Schulman) writes:

> The Unix authorization info which is in the NFS/mount protocol includes
> a field called the "machine name" (or something like that). Is this field
> used by anyone? What do NFS servers/mount daemons do if this field is
> garbage or if it's a zero length string?

This is the way NFS checks you against the export list. It is a big hole.
If I "name" my Sun some other name, I am the new machine in terms of the
export list. The more correct way is to also check my name against the
address I am using to see if it matches my /etc/hosts. If it does not, then
someone is spoofing the name.

This has been fixed in later versions I believe.
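
The check described in the reply above, written out as an added example; it is not part of the original post and is not taken from any NFS or mount daemon source. It parses the machine name out of an AUTH_UNIX credential body and accepts a mount only when the claimed name is in the export list and maps to the sender's address; the host table, export list, addresses and function names are constructed for illustration.

```python
import struct

MAX_MACHINENAME = 255  # bound on machinename in the AUTH_UNIX credential (RFC 1057)

# Constructed stand-in for the server's /etc/hosts: name -> address.
HOSTS = {"trusted": "192.0.2.10", "guest": "192.0.2.99"}
EXPORT_LIST = {"trusted"}  # constructed export list: hosts allowed to mount


def xdr_string(data):
    """Encode bytes as an XDR string: length word, data, zero pad to 4 bytes."""
    return struct.pack(">I", len(data)) + data + b"\0" * (-len(data) % 4)


def build_cred(stamp, name, uid, gid, gids):
    """Build an AUTH_UNIX credential body (used here to make sample input)."""
    return (struct.pack(">I", stamp) + xdr_string(name.encode())
            + struct.pack(">III", uid, gid, len(gids))
            + b"".join(struct.pack(">I", g) for g in gids))


def parse_machinename(cred):
    """Return the machine name from an AUTH_UNIX credential body, or None if malformed."""
    if len(cred) < 8:
        return None
    _stamp, n = struct.unpack_from(">II", cred, 0)
    if n > MAX_MACHINENAME or 8 + n > len(cred):
        return None  # garbage length word or truncated credential
    try:
        return cred[8:8 + n].decode("ascii")
    except UnicodeDecodeError:
        return None


def check_mount(cred, source_addr):
    """Decide a mount request from the claimed name and the packet's source address."""
    name = parse_machinename(cred)
    if not name:  # covers both malformed and zero-length names
        return "reject: missing or malformed machine name"
    if name not in EXPORT_LIST:
        return "reject: not in export list"
    # The check described in the post: the claimed name must map to the sender's address.
    if HOSTS.get(name) != source_addr:
        return "reject: name does not match source address"
    return "allow"
```

A server that stops after the export-list lookup would allow the second case in the test below, which is the hole the reply describes.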