Path: utzoo!censor!geac!torsqnt!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!newstop!exodus!terra.Eng.Sun.COM!brent
From: brent@terra.Eng.Sun.COM (Brent Callaghan)
Newsgroups: comp.os.os2.misc
Subject: Re: TCP/IP & NFS Client for OS/2 systems; what's out there?
Message-ID: <5128@exodus.Eng.Sun.COM>
Date: 2 Jan 91 22:12:51 GMT
References: <1990Dec31.144240.13689@arnor.uucp> <4984@idunno.Princeton.EDU>
Sender: news@exodus.Eng.Sun.COM
Lines: 32

In article <4984@idunno.Princeton.EDU>, marty@puppsr.Princeton.EDU (Marty Ryba) writes:
> In article <1990Dec31.144240.13689@arnor.uucp>, yozzo@ibm.com writes:
> |> I do not know about your environment but a lot of
> |> environments that I have seen, the users have there own workstation
> |> and they have the root password on their workstation.
> |> Given this, they can 'su' to any user they wish and
> |> therefore can spoof NFS.
> 
> What!?  From what I understand of NFS (at least Sun NFS), UID
> root will *NOT* be accepted for most activities.  On SunOS,
> root on a client machine can only modify a filesystem if it has
> been exported -root=<client>.  Check the man page for
> exportfs.

That's true, but you've misunderstood the original statement.

As root on your own workstation there's nothing to stop
you su'ing to someone else.  In the su shell you'll have
a new set of credentials and these will be conveyed faithfully
across the wire by NFS.  In this case there's no root credentials
going across the wire.

As Ralph points out, AUTH_UNIX is very easy to spoof.
If you want the convenience of AUTH_UNIX and are concerned about
security then you should restrict the export access to trusted
hosts.  Then you just have to worry about IP address spoofing....

--

Made in New Zealand -->  Brent Callaghan  @ Sun Microsystems
			 Email: brent@Eng.Sun.COM
			 phone: (415) 336 1051