Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!merworth
From: merworth@cs.utexas.edu (Boyd Merworth)
Newsgroups: comp.sys.hp
Subject: Re: HP-UX: unacceptable [Was: root-over-nfs under HP-UX 6.5]
Message-ID: <7405@cs.utexas.edu>
Date: 21 Dec 89 15:26:29 GMT
References: <7234@cs.utexas.edu> <140010@hpuflfa.HP.COM>
Organization: U. Texas CS Dept., Austin, Texas
Lines: 43
Summary:

In article <140010@hpuflfa.HP.COM>, ronw@hpuflfa.HP.COM (Ron Williams) writes:
>
> A standard kernel on a file server will map all
> remote root accesses over an NFS mount (i.e. an NFS client's root session
> accessing one of the NFS server's filesystems) from the user-id 0
> (super-user) to the user-id (UID) of -2 (nobody). A remote client's NFS
> backup program, executed as root, will not be able to read all the files
> on the server, due to the UID being mapped to -2 (nobody). In fact, no
> account on the remote client is likely to have the permissions to read
> every file on the server's filesystem (especially, the "/" filesystem).
> To allow a remote client to read all the files on a server and back them
> up, the mapping of the UID 0 to the UID -2 must be "turned off" on the
> NFS file server.

Again, this is what is wrong. In my kernel, _nobody = -2. This still
allows root from a (non-HP) client to access any mounted filesystem from
the HP fileserver and make changes. IT'S BUSTED! I can repeat it without
failure. On the client, I mount a filesystem from the HP fileserver
running HP-UX 6.5. I become root on the client, I cd to the NFS mounted
filesystem, I do anything I like.

Here's what's in the kernel:

taklamak# adb /hp-ux /dev/mem
executable file = /hp-ux
core file = /dev/mem
ready
_nobody?D
_nobody:        -2
taklamak#

I have not modified _nobody in the kernel. I've reported it to the HP
Response Center. A local CE from HP came to my office and I showed him
what happens; he verified it to the Response Center.

I still have not received a solution from the HP Response Center,
although they have issued an SR but have no idea as to when the SR will
be completed. I am supposed to receive HPUX 7.0 sometime after
February 21, 1990, that's the estimated shipping date. I can only hope
that this situation has been corrected in the new release, but I
seriously doubt it.

-- 
Boyd Merworth
The University of Texas at Austin
Department of Computer Sciences, TAY 2.124, Austin, Texas 78712
merworth@cs.utexas.edu    {harvard,gatech,uunet}!cs.utexas.edu!merworth
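Added example, not part of the post and not HP-UX or any real NFS code: a small Python model of the server-side credential mapping Ron describes, paired with a simplified Unix read check, to show why an intact UID 0 to -2 mapping stops a client-root backup reading root-only files, and what the unmapped behaviour Boyd observed looks like. The value -2 for nobody is taken from the post; the file entries, the gid mapping and the access check are constructed assumptions.

```python
# Constructed model of NFS server-side root squashing (the UID 0 -> -2
# mapping discussed in the thread). Not HP-UX or any real NFS server.
from dataclasses import dataclass

NOBODY = -2  # value of _nobody as shown in the post


@dataclass(frozen=True)
class Cred:
    uid: int
    gid: int


@dataclass(frozen=True)
class Inode:
    path: str
    owner: int
    group: int
    mode: int  # permission bits, e.g. 0o600


def squash(cred: Cred, root_squash: bool = True, nobody: int = NOBODY) -> Cred:
    """Map a client's root credential to 'nobody' when squashing is on.

    Mapping the gid too is this model's assumption; the post only mentions
    the UID.  root_squash=False reproduces the behaviour Boyd reports
    (client root treated as server root) and the "turned off" backup mode.
    """
    if root_squash and cred.uid == 0:
        return Cred(uid=nobody, gid=nobody)
    return cred


def can_read(cred: Cred, f: Inode) -> bool:
    """Simplified Unix access check: uid 0 bypasses the mode bits, anyone
    else is tested against the owner, group or other read bit."""
    if cred.uid == 0:
        return True
    if cred.uid == f.owner:
        return bool(f.mode & 0o400)
    if cred.gid == f.group:
        return bool(f.mode & 0o040)
    return bool(f.mode & 0o004)


def readable_by_client_root(files, root_squash=True):
    """Paths a root process on the client can read through the server."""
    eff = squash(Cred(uid=0, gid=0), root_squash)
    return [f.path for f in files if can_read(eff, f)]


# Constructed sample filesystem on the server
SAMPLE_FS = [
    Inode("/etc/passwd", owner=0, group=0, mode=0o644),
    Inode("/etc/secret", owner=0, group=0, mode=0o600),
    Inode("/home/boyd/notes", owner=1001, group=100, mode=0o640),
]
```

With squashing working, client root sees only world-readable files; with the mapping absent (Boyd's case) it reads everything, which is also why disabling it for backups is a trade-off.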