Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!newstop!texsun!convex!convex.COM
From: tchrist@convex.COM (Tom Christiansen)
Newsgroups: comp.unix.internals
Subject: Re: becoming root via NFS
Message-ID: <111563@convex.convex.com>
Date: 17 Dec 90 08:23:01 GMT
References: <4627@pkmab.se> <4088@osc.COM> <111544@convex.convex.com>
Sender: news@convex.com
Reply-To: tchrist@convex.COM (Tom Christiansen)
Organization: CONVEX Software Development, Richardson, TX
Lines: 18

Before I get flamed for having pointed out a problem without suggesting a
solution, here's an idea.  Add a new option to mount like suid that says
whether device files are to be considered valid; otherwise return ENXIO.
Normally only mount root this way, and never export root.  I believe this
will do the trick.  For diskless workstations, you of course have their
[the workstation owners] devices on your [the server] disk, and they can
add all the devices they want to that partition, but since that filesystem
isn't mounted with device interpretation enabled, it won't do them any
good anyway.

Until something like this is done, if you can be root on the workstation,
you can be root on the server.

--tom
--
Tom Christiansen		tchrist@convex.com	convex!tchrist
"With a kernel dive, all things are possible, but it sure makes it hard
 to look at yourself in the mirror the next morning."  -me