Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!spdcc!dyer
From: dyer@spdcc.COM (Steve Dyer)
Newsgroups: comp.unix.wizards
Subject: Re: NFS and many thousands of user-id's
Message-ID: <386@spdcc.COM>
Date: Wed, 11-Nov-87 14:14:25 EST
Article-I.D.: spdcc.386
Posted: Wed Nov 11 14:14:25 1987
Date-Received: Fri, 13-Nov-87 23:38:05 EST
References: <7605@g.ms.uky.edu> <694@jimi.cs.unlv.edu> <1829@rti.UUCP>
Reply-To: dyer@spdcc.COM (Steve Dyer)
Organization: S.P. Dyer Computer Consulting, Cambridge MA
Lines: 33

At MIT Project Athena, where every public workstation either has a well-known root password or can be rebooted at will to gain a root shell, we implemented a VERY simple hack to increase the security of NFS filesystems in this environment.

All user ids, not just uid 0, are mapped to "nobody" on an NFS server in the absence of a unique uid-mapping structure which associates an [IP address, remote uid] pair with a set of credentials for that particular server. Each NFS server maintains its own database of credentials, so that a server may be open for everyone in the community to use, or restricted to just a few.

A uid map entry is created on an NFS server through a client program which issues a new mountd RPC call to the server to install a uid map entry. Secure authentication of the RPC request to mountd (which is the key to its usefulness) is performed by rpc.mountd on the server using the Kerberos authentication system, also developed at Project Athena.

The total amount of kernel code was incredibly small; no more than a few pages, and most of that was just the bookkeeping of hashing/creating/deleting uid map entries--the code added to the NFS server itself consists of only one line! The changes to rpc.mountd and the new client program are similarly straightforward.

There is virtually no performance penalty in choosing this, since each NFS request is not individually authenticated; only the installation of credentials for a uid on a host.

Jeff Schiller and Bill Sommerfeld of Athena worked on the design and implementation of the uid map system and its kernel changes, while I designed and implemented the client program to install the map and added code to rpc.mountd. No more than a month's worth of work on a part-time basis.

I believe there will be a session at the upcoming USENIX in Dallas where Athena staff will be discussing Kerberos and the NFS changes (which are only one application of Kerberos).

--
Steve Dyer
dyer@harvard.harvard.edu
dyer@spdcc.COM aka {ihnp4,harvard,linus,ima,bbn,m2c}!spdcc!dyer
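A model of the uid-map scheme described in the post, written here as an added example and not Athena's code: the NFS-side lookup falls back to "nobody" for every (client IP, remote uid) pair without an entry, uid 0 included, and only an authenticated mountd request may install one. The `verify_ticket` callback stands in for the Kerberos check rpc.mountd performs, and the rule that a principal may only install credentials for its own uid is an assumption of this model, as are the sample uids and addresses.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

NOBODY = 65534  # constructed value for the server's "nobody" uid/gid


@dataclass(frozen=True)
class Credentials:
    uid: int
    gid: int


class UidMapServer:
    """Per-server uid map: (client IP, remote uid) -> local credentials."""

    def __init__(self, verify_ticket: Callable[[str], Optional[int]]):
        # Stand-in for the Kerberos authentication done by rpc.mountd: returns the
        # authenticated principal's local uid, or None if the ticket is bad.
        self._verify = verify_ticket
        self._map: Dict[Tuple[str, int], Credentials] = {}

    def credentials_for(self, client_ip: str, remote_uid: int) -> Credentials:
        # NFS server side: the single check on each request. Anything not in the
        # map, including a client claiming uid 0, is treated as "nobody".
        return self._map.get((client_ip, remote_uid), Credentials(NOBODY, NOBODY))

    def install_map_entry(self, client_ip: str, remote_uid: int,
                          ticket: str, creds: Credentials) -> bool:
        # mountd side: the install RPC is authenticated; per-request NFS traffic
        # is not. A principal may only map a remote uid to its own credentials
        # (an assumption of this model, not stated in the post).
        principal_uid = self._verify(ticket)
        if principal_uid is None or principal_uid != creds.uid:
            return False
        self._map[(client_ip, remote_uid)] = creds
        return True

    def delete_map_entry(self, client_ip: str, remote_uid: int) -> bool:
        # Removing the entry returns that (host, uid) pair to "nobody".
        return self._map.pop((client_ip, remote_uid), None) is not None


def make_demo_server() -> UidMapServer:
    # Constructed ticket table: only "tkt-alice" authenticates, as uid 1001.
    return UidMapServer(lambda t: {"tkt-alice": 1001}.get(t))
```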