Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!ucbvax!bloom-beacon!snorkelwacker!spdcc!dyer
From: dyer@spdcc.COM (Steve Dyer)
Newsgroups: comp.unix.i386
Subject: Re: RFS is by far better that NFS!
Message-ID: <884@ursa-major.SPDCC.COM>
Date: 16 Dec 89 05:55:44 GMT
References: <218@inpnms.UUCP> <221@inpnms.UUCP>
Reply-To: dyer@ursa-major.spdcc.COM (Steve Dyer)
Distribution: na
Organization: S.P. Dyer Computer Consulting, Cambridge MA
Lines: 19

Yes, it's true. An amazingly big security hole once you start thinking
about it. I thought that Sun had some "secure RPC" feature in recent
releases which suffices to limit its impact, but I don't know the details.

At Project Athena, we added a small amount of code to our NFS servers
such that every uid (not just root) is mapped to "nobody" unless that
uid/IP address pair has a "uid mapping structure", a new data structure
residing in the NFS server kernel. UID mapping structures are securely
installed on the server using a new rpc.mountd RPC call which uses the
Kerberos authentication system. We have an application which runs on the
client called "attach" which integrates name service, authentication and
the mount protocol.

-- 
Steve Dyer
dyer@ursa-major.spdcc.com aka {ima,harvard,rayssd,linus,m2c}!spdcc!dyer
dyer@arktouros.mit.edu, dyer@hstbme.mit.edu
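
The default-deny uid mapping described in the post, sketched as an added example; it is not part of the original post and is not Project Athena's code. The struct layout, the function names, the `authenticated` flag standing in for the Kerberos-checked rpc.mountd call, and the value 65534 for "nobody" are all assumptions.

```c
#include <stdint.h>
#include <stddef.h>

#define UID_NOBODY 65534u   /* assumed numeric uid for "nobody" */
#define MAX_MAPS   64       /* assumed table size */

/* Hypothetical layout; the post does not describe the real structure. */
struct uid_map {
    uint32_t client_ip;   /* IPv4 address of the NFS client */
    uint32_t client_uid;  /* uid claimed in the client's credential */
    uint32_t server_uid;  /* uid the server acts as for this pair */
    int      in_use;
};

static struct uid_map maps[MAX_MAPS];

/* Install a mapping. `authenticated` stands in for the Kerberos-checked
 * rpc.mountd call; an unauthenticated request installs nothing. */
int map_install(int authenticated, uint32_t ip, uint32_t cuid, uint32_t suid)
{
    if (!authenticated)
        return -1;
    for (size_t i = 0; i < MAX_MAPS; i++) {
        if (!maps[i].in_use) {
            maps[i] = (struct uid_map){ ip, cuid, suid, 1 };
            return 0;
        }
    }
    return -1;  /* table full */
}

/* Default deny: any (ip, uid) pair without a mapping becomes nobody. */
uint32_t map_cred(uint32_t ip, uint32_t claimed_uid)
{
    for (size_t i = 0; i < MAX_MAPS; i++)
        if (maps[i].in_use && maps[i].client_ip == ip &&
            maps[i].client_uid == claimed_uid)
            return maps[i].server_uid;
    return UID_NOBODY;
}

/* For comparison: only root is remapped, every other claimed uid is trusted. */
uint32_t root_squash_only(uint32_t claimed_uid)
{
    return claimed_uid == 0 ? UID_NOBODY : claimed_uid;
}
```

With only root remapped, a client that asserts uid 1234 is served as uid 1234; with the per-pair table, the same request is served as "nobody" until an authenticated install has created the mapping for that address.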