Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!amdcad!ames!sri-spam!rutgers!mcnc!rti!trt
From: trt@rti.UUCP (Thomas Truscott)
Newsgroups: comp.unix.wizards
Subject: Re: NFS and many thousands of user-id's
Message-ID: <1829@rti.UUCP>
Date: Wed, 4-Nov-87 21:44:15 EST
Article-I.D.: rti.1829
Posted: Wed Nov 4 21:44:15 1987
Date-Received: Sat, 7-Nov-87 18:28:56 EST
References: <7605@g.ms.uky.edu> <694@jimi.cs.unlv.edu>
Organization: Research Triangle Institute, RTP, NC
Lines: 22
Summary: mapping root -> nobody (-2) does not provide much security

In article <694@jimi.cs.unlv.edu>, greg@muddy.cs.unlv.edu (Greg Wohletz) writes:
> In article <7605@g.ms.uky.edu> david@ms.uky.edu (David Herron -- Resident E-mail Hack) writes:
> >(As does security problems like -- if you're root on one nfs machine
> >you can instantly become root on any other nfs machine
> >
>
> I do not believe that the above is correct ...
> [because root can be mapped to -2 elsewhere].

[We are talking vanilla nfs here, your mileage may vary.]

If you are superuser on one nfs machine and want to subvert another
but your uid 0 is mapped to -2 elsewhere
and no other system honors the set-user-id bits on your programs,
then straightforward attacks are out.

But consider that *every other* uid is mapped flat.
So you have the powers of *every other* uid
on every other file system you can reach.
Only the insatiable power-hungry could want more,
and for them a simple trojan horse attack should finish the job.

	Tom Truscott
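
Added example, not part of the original post: a server-side audit that flags exports where only uid 0 is remapped and every other client-supplied uid is accepted as sent, which is the situation the article describes. It assumes the Linux exports(5) syntax and its `root_squash`, `no_root_squash`, `all_squash` and `sec=` options, none of which appear in the post; the sample file and host names are constructed.

```python
# Assumption: Linux exports(5) format; defaults are root_squash and sec=sys.
SAMPLE = """\
# constructed sample, not from the post
/home      *.example.edu(rw,root_squash)
/scratch   lab1(rw,no_root_squash) lab2(rw,all_squash,anonuid=65534)
/secure    *.example.edu(rw,sec=krb5p)
"""

def parse_exports(text):
    """Yield (path, client, options) for every client entry in an exports file."""
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        for entry in clients or ["*"]:      # no client list means any host
            client, _, opts = entry.partition("(")
            yield path, client or "*", set(opts.rstrip(")").split(",")) - {""}

def audit(text):
    """Return (path, client, reason) for exports that trust client-asserted uids."""
    findings = []
    for path, client, opts in parse_exports(text):
        flavors = {"sys"}                   # default security flavor
        for opt in opts:
            if opt.startswith("sec="):
                flavors = set(opt[4:].split(":"))
        if "sys" not in flavors:
            continue    # uid comes from an authenticated principal, not the client
        if "all_squash" in opts:
            continue    # every uid is remapped to the anonymous user
        if "no_root_squash" in opts:
            findings.append((path, client, "client root is root on this export"))
        else:
            findings.append((path, client,
                             "only uid 0 is squashed; all other uids are trusted as sent"))
    return findings

if __name__ == "__main__":
    for path, client, reason in audit(SAMPLE):
        print(f"{path} -> {client}: {reason}")
```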