Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!tut.cis.ohio-state.edu!ucsd!hub.ucsb.edu!ferkel.ucsb.edu!jim
From: jim@ferkel.ucsb.edu (Jim Lick)
Newsgroups: comp.os.os2.misc
Subject: Re: TCP/IP & NFS Client for OS/2 systems; what's out there?
Message-ID: <7925@hub.ucsb.edu>
Date: 31 Dec 90 21:27:11 GMT
References: <1990Dec31.144240.13689@arnor.uucp> <4984@idunno.Princeton.EDU>
Sender: news@hub.ucsb.edu
Organization: Laputa, Castle in the Sky
Lines: 29

In article <4984@idunno.Princeton.EDU> marty@pulsar.princeton.edu writes:
>In article <1990Dec31.144240.13689@arnor.uucp>, yozzo@ibm.com writes:
>|> Given this, they can 'su' to any user they wish and
>|> therefore can spoof NFS.
>
>What!? From what I understand of NFS (at least Sun NFS), UID root will *NOT*
>be accepted for most activities. On SunOS, root on a client machine can only
>modify a filesystem if it has been exported -root=. Check the man
>page for exportfs.
>

Yozzo didn't make it completely clear what he meant. What he meant is that
persons with root access can access files owned by anyone except root on
the NFS mounted partition.

For example: Suppose I give mount access to my /home partition on ferkel to
someone with root access on alpo. All he has to do to access my 'jim' files
is to create an account on alpo with my UID and GID, and then su to that
user.

True, unless you have a root= option in the exports file, the user on alpo
has only limited access to all root owned files, but all others are wide
open. I consider this to be a significant security risk, as many people
will set up whole partitions as world or site accessible. It's important to
export only to machines you are personally responsible for, or trust, if
you have files you need to protect.

Jim Lick
Work: University of California  | Home: 6657 El Colegio #24
      Santa Barbara             |       Isla Vista, CA 93117-4280
      Dept. of Mechanical Engr. |       (805) 968-0189 voice/msg
      2311 Engr II Building     |       (805) 968-1239 data
      (805) 893-4113            |       (805) 968-2734 fax
      jim@ferkel.ucsb.edu       | Soon: jim@cave.sba.ca.us
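
The exposure described in the post above can be checked mechanically on the server side. The following is an added example, not part of the original post: it audits an exports file for entries that depend on the honesty of root on a client. It assumes the SunOS-style syntax the thread refers to (`-access=host:host`, `root=host`); the sample file contents, the paths in it, and the `TRUSTED` set are constructed.

```python
# Added example: flag exports whose file protection rests on untrusted client roots.
# SAMPLE_EXPORTS and TRUSTED are constructed for illustration.

SAMPLE_EXPORTS = """\
# constructed sample, SunOS-style syntax
/usr/local
/home        -access=alpo:ferkel
/export/src  -ro,access=ferkel
/export/adm  -root=alpo,access=alpo:ferkel
"""

TRUSTED = {"ferkel"}  # assumption: hosts whose root account you are responsible for


def parse_exports(text):
    """Yield (path, options); options maps an option name to its host list."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        optstr = parts[1].lstrip("-") if len(parts) > 1 else ""
        opts = {}
        for opt in filter(None, optstr.split(",")):
            name, _, value = opt.partition("=")
            opts[name.strip()] = value.split(":") if value else []
        yield parts[0], opts


def audit(text, trusted=TRUSTED):
    """Return (path, finding) pairs for exports that rely on untrusted clients."""
    findings = []
    for path, opts in parse_exports(text):
        clients = opts.get("access")
        if not clients:
            # No access= list: every host may mount, and root there picks any UID.
            findings.append((path, "exported to every host"))
        else:
            for host in sorted(set(clients) - trusted):
                findings.append((path, f"non-root files depend on root at {host}"))
        # root= additionally lets the named host act as root on the export.
        for host in sorted(set(opts.get("root", [])) - trusted):
            findings.append((path, f"root= grants unmapped root to {host}"))
    return findings


if __name__ == "__main__":
    for path, finding in audit(SAMPLE_EXPORTS):
        print(f"{path}: {finding}")
```

A read-only export to an untrusted host is still reported, because the UID check that protects reads is made against a value the client supplies.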