Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!olivea!orc!inews!iwarp.intel.com!gargoyle!ddsw1!bbs!karl
From: karl@naitc.naitc.com (Karl Denninger)
Newsgroups: comp.os.os2.misc
Subject: Re: TCP/IP & NFS Client for OS/2 systems; what's out there?
Summary: If 'ya got root, you got the run of things.
Message-ID: <1991Jan02.164323.17532@naitc.naitc.com>
Date: 2 Jan 91 16:43:23 GMT
References: <1990Dec31.144240.13689@arnor.uucp> <4984@idunno.Princeton.EDU>
Reply-To: karl@bbs.naitc.com (Karl Denninger)
Organization: A.C. Nielsen Co.
Lines: 35

In article <4984@idunno.Princeton.EDU> marty@pulsar.princeton.edu writes:
>In article <1990Dec31.144240.13689@arnor.uucp>, yozzo@ibm.com writes:
>|> I do not know about your environment but a lot of
>|> environments that I have seen, the users have their own workstation
>|> and they have the root password on their workstation.
>|> Given this, they can 'su' to any user they wish and
>|> therefore can spoof NFS.
>
>What!? From what I understand of NFS (at least Sun NFS), UID root will *NOT*
>be accepted for most activities. On SunOS, root on a client machine can only
>modify a filesystem if it has been exported -root=. Check the man
>page for exportfs.

However, you can do this:

    $ su
    Password: xxxxxxx
    # su karl
    cd /users/karl      (where /users/karl is an NFS filesystem)
    ls -al
    .....

Since you can change your UID to anything you want if you're root, you can
get to any file which a user (not root) can get to should you desire.

If you can't get root, however, this problem does not occur....

--
Karl Denninger
AC Nielsen
kdenning@ksun.naitc.com
(708) 317-3285
Disclaimer: Contents represent opinions of the author; I do not speak for
AC Nielsen on Usenet.
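
Added example, not part of the original post: a simplified Python model of the server-side check this thread is arguing about, showing that remapping UID 0 leaves every other client-asserted UID trusted. The class and function names, the anonymous UID 65534, the host name and karl's UID/GID are assumptions made for the illustration.

```python
# Simplified model of an NFS server handling AUTH_UNIX credentials (illustration only).
from dataclasses import dataclass

NOBODY = 65534  # assumed anonymous UID that squashed root is mapped to

@dataclass
class Export:
    path: str
    root_hosts: frozenset = frozenset()  # hosts named in a root= export option

@dataclass
class FileAttr:
    owner: int
    group: int
    mode: int

@dataclass
class Cred:
    """AUTH_UNIX credential: every field is asserted by the client machine."""
    host: str
    uid: int
    gid: int

def effective_uid(export, cred):
    # Root squash: UID 0 is remapped unless the client host is trusted for root.
    if cred.uid == 0 and cred.host not in export.root_hosts:
        return NOBODY
    return cred.uid  # any other UID is taken at the client's word

def may_read(export, attr, cred):
    # Ordinary Unix owner/group/other read check on the mapped UID.
    uid = effective_uid(export, cred)
    if uid == 0:
        return True
    if uid == attr.owner:
        return bool(attr.mode & 0o400)
    if cred.gid == attr.group:
        return bool(attr.mode & 0o040)
    return bool(attr.mode & 0o004)

# Constructed sample data: UID 1042 / GID 100 stand in for user "karl".
KARL_UID, KARL_GID = 1042, 100
export = Export("/users")
private = FileAttr(owner=KARL_UID, group=KARL_GID, mode=0o600)

def demo():
    as_root = may_read(export, private, Cred("ws1", 0, 0))
    as_karl = may_read(export, private, Cred("ws1", KARL_UID, KARL_GID))
    return as_root, as_karl

if __name__ == "__main__":
    print(demo())
```

The server never learns how the client process came to hold karl's UID, so the export's root handling only decides what UID 0 itself may do.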