Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!zaphod.mps.ohio-state.edu!wuarchive!uunet!uunet!math.fu-berlin.de!opal!gmdtub!prosun!tmh From: tmh@prosun.first.gmd.de (Thomas Hoberg) Newsgroups: comp.unix.sysv386 Subject: Re: NFS-/etc/exports Keywords: nfs Message-ID: <681@bigfoot.first.gmd.de> Date: 23 May 91 15:05:04 GMT References: <223@gouche.UUCP> Sender: news@bigfoot.first.gmd.de Reply-To: tmh@prosun.first.gmd.de (Thomas Hoberg) Organization: GMD-FIRST, D-1000 Berlin 10 Lines: 30 In article <223@gouche.UUCP>, grant@gouche (Grant J. Munsey) writes: |> |> I have ISC 2.1 using NFS. I want to publish a file system such that |> a remote machine can become root wrt the file system. I notice in some |> NFS implementations the file /etc/exports is where you put instructions |> to NFS to allow this. In the NFS doc from Interactive it doesn't mention |> anything. Anyoue know the skinny on this? ISC or rather the Lachman Ass. version of NFS doesn't support this directly. I wrote a small program (sorry don't have it here) that used 'nm' to find the address of NOBODY in the kernel, did a seek, read and write on /dev/kmem (or was it /dev/mem ?) to patch NOBODY (maxint - 2 by default) to 0 (root). Root accesses are mapped to the UID NOBODY by default (for security reasons). This is very risky, though, because if a file system is exported to a machine with a user that is not know by the exporting system, that user will get mapped to NOBODY, too, meaning any unknown user will have *root* access, too. BTW, NOBODY has to be patched on the exporting system. |> ---- |> Grant Munsey, Mainticore, Inc. (408) 733-3838 |> grant@gouche.portal.com or decwrl!apple!portal!gouche!grant -- tom ---- Thomas M. Hoberg | UUCP: tmh@gmdtub.first.gmd.de or tmh%gmdtub@tub.UUCP c/o GMD Berlin | ...!unido!tub!gmdtub!tmh (Europe) or D-1000 Berlin 12 | ...!unido!tub!tmh Hardenbergplatz 2 | ...!pyramid!tub!tmh (World) Germany | BITNET: tmh%DB0TUI6.BITNET@DB0TUI11 or +49-30-254 99 160 | tmh@tub.BITNET