Xref: utzoo comp.protocols.nfs:220 comp.sys.ibm.pc:29693
Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!mailrus!ulowell!tegra!vail
From: vail@tegra.UUCP (Johnathan Vail)
Newsgroups: comp.protocols.nfs,comp.sys.ibm.pc
Subject: Re: PCNFS and security
Message-ID: <520@atlas.tegra.UUCP>
Date: 2 Jun 89 13:48:48 GMT
References: <2373@daimi.dk>
Organization: Tegra, Inc., Billerica, MA
Lines: 37
In-reply-to: poj@daimi.dk's message of 25 May 89 10:46:58 GMT

In article <2373@daimi.dk> poj@daimi.dk (Per Olsvig Jensen) writes:

     I'd like to start a discussion on the matter:
		    PC-NFS and System Security.

     As I see it, giving a PC, where the terms user, username, userid
   and so forth doesn't exist at all, access to NFS on ie. a SUN with
   profound user access security check, is bound to create security
   holes. I mean, who can assure you, that on the PC, the person using
   PC-NFS is really the one PC-NFS thinks he is. All PC-NFS seems to
   check, is that the UserId and GroupId are the right ones. It is
   intended that these Ids are set up by User Authentication, but what
   in the world prevents a hacker from setting up this information
   himself ?

Your problem is that the access information is stored in your
computer.  In the implementation I have when you boot and bring up NFS
it asks you for username and password to get write access.  Read
access is allowed anywhere it is usually allowed.

As I see it your security issues are:

Physical security of the machine and ethernet (which is not considered
secure)

And access security.  People should reboot when they are done if they
are worried about security.

At any rate, unless there are bugs that I am not aware of the issues
are no different than a workstation.  Log off when you are done and
don't keep passwords on the machine.

"A screaming comes across the sky"
 _____
|     | Johnathan Vail | tegra!N1DXG@ulowell.edu
|Tegra| (508) 663-7435 | N1DXG@145.110-,145.270-,444.2+,448.625-
 -----