Xref: utzoo comp.os.os2.misc:509 comp.os.os2.apps:73 alt.sys.sun:2407 comp.protocols.nfs:1646
Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!zaphod.mps.ohio-state.edu!wuarchive!udel!princeton!puppsr!marty
From: marty@puppsr.Princeton.EDU (Marty Ryba)
Newsgroups: comp.os.os2.misc,comp.os.os2.apps,alt.sys.sun,comp.protocols.nfs
Subject: RE: TCP/IP & NFS Client for OS/2 systems; what's out there?
Message-ID: <4984@idunno.Princeton.EDU>
Date: 31 Dec 90 18:05:10 GMT
References: <1990Dec31.144240.13689@arnor.uucp>
Sender: news@idunno.Princeton.EDU
Reply-To: marty@pulsar.princeton.edu
Followup-To: comp.os.os2.misc
Organization: Dept. of Physics, Princeton U.
Lines: 16

In article <1990Dec31.144240.13689@arnor.uucp>, yozzo@ibm.com writes:
|> I do not know about your environment but a lot of
|> environments that I have seen, the users have there own workstation
|> and they have the root password on their workstation.
|> Given this, they can 'su' to any user they wish and
|> therefore can spoof NFS.

What!?  From what I understand of NFS (at least Sun NFS), UID root will *NOT*
be accepted for most activities.  On SunOS, root on a client machine can only
modify a filesystem if it has been exported -root=<client>.  Check the man
page for exportfs.

Marty Ryba                      | slave physics grad student
Princeton University            | They don't care if I exist,
Pulsars   Unlimited             | let alone what my opinions are!
marty@pulsar.princeton.edu      | Asbestos gloves always on when reading mail