Path: utzoo!attcan!uunet!lll-winken!lll-tis!mordor!joyce!ames!mailrus!husc6!mit-eddie!apollo!mishkin
From: mishkin@apollo.COM (Nathaniel Mishkin)
Newsgroups: comp.unix.wizards
Subject: Re: NFS Security:  a summary
Message-ID: <3e5d8f8f.13422@apollo.COM>
Date: 9 Sep 88 14:38:00 GMT
References: <153@leibniz.UUCP> <43200038@uicsrd.csrd.uiuc.edu> <13457@mimsy.UUCP>
Reply-To: mishkin@apollo.com (Nathaniel Mishkin)
Organization: Apollo Computer, Chelmsford, MA
Lines: 21

In article <13457@mimsy.UUCP> chris@mimsy.UUCP (Chris Torek) writes:
>In article <43200038@uicsrd.csrd.uiuc.edu> kai@uicsrd.csrd.uiuc.edu writes:
>>I haven't seen anyone mention ANY security problems involving NFS that don't
>>require you already have the keys to the kingdom.  [root access somewhere]
>
>If you have a workstation on your desk, you have root access to that
>workstation.  It may take a while to break in, but if I have physical
>access to your machines, I have root access to your machines.  It is
>as simple as that (which may not be simple!).

Not even to mention an IBM PC that supports UDP/IP.  Bring up SUN RPC
and start making those NFS requests with the uid of your choice.  Even
simpler, you could just start with PC/NFS.  (Yes, I know how glassy my
house is too.)  Ah, what a fool's paradise we're all living in.  I'm
waiting for some Chernobyl of computer security to hit before people wake
up to the exposure.  "Oh, but I *trust* all those machines in my network."
Hmmph.  If you have more than 10, you just can't.

-- 
                    -- Nat Mishkin
                       Apollo Computer Inc., Chelmsford, MA
                       mishkin@apollo.com