Xref: utzoo comp.protocols.nfs:208 comp.sys.ibm.pc:29306 Path: utzoo!attcan!uunet!mcvax!kth!sunic!dkuug!iesd!kjeld From: kjeld@iesd.dk (Kjeld Flarup) Newsgroups: comp.protocols.nfs,comp.sys.ibm.pc Subject: Re: PCNFS and security Keywords: Network security Message-ID: <1953@iesd.dk> Date: 25 May 89 12:25:10 GMT References: <2373@daimi.dk> Reply-To: kjeld@iesd.dk (Kjeld Flarup) Organization: Dept. of Comp. Sci., Aalborg University, Denmark Lines: 37 In article <2373@daimi.dk> poj@daimi.dk (Per Olsvig Jensen) writes: > I'd like to start a discussion on the matter: > PC-NFS and System Security. > In fact it took me less than half an hour to locate the UserIds >etc. in the memory of PC-NFS an to set them as I liked. Once these >Ids are set, nothing seems to prevent me from mounting an other >users files on the SUN, writing them or deleting them as I would >like to. It is correct that you can't sucure any data in memory on a 8088 machine. However possible on 80286 in vitual mode this is never used. Now i would not claim to know anything about the PC-NFS system. But how can the server when communicating with a remote machine know that this remote machine is a machine belonging to the system. This issues an even bigger problem with networking. It is possible to tap the communication between machines. Unless everything is encrypted with the correct password, it is infact public. So you say that you can change your user id and group. Right immediately i see two quite obviously solutions. 1) Do not let the PC know that there are other disk area's than these it is allowed to access. (That sure is the MS-DOS ghost ) 2) Install a translator process on the server, that generates new codes for User and Group id each time a login is performed. Thus it would be impossible to change these to anything else with a meaning. My conclusion is that MS-DOS is and always will be a low security system, and when connecting it to other systems it automaticly becomes the weakest point in the chain. Kjeld Flarup Christensen | "I'am now twentyseven times older than the universe kjeld@iesd.dk | itself." Marvin the depressed Robot.