[20] in linux-net channel archive
Re: NFS mounting and security
daemon@ATHENA.MIT.EDU (Swen Thuemmler)
Mon Jan 16 05:12:25 1995
Date: Mon, 16 Jan 1995 10:12:48 +0100 (MET)
From: Swen Thuemmler <swen@uni-paderborn.de>
To: Linux Activists <linux-activists@niksula.hut.fi>
Cc: Linux Net <linux-net@vger.rutgers.edu>
In-Reply-To: <95Jan15.200711eet.55588-1@niksula.hut.fi>
On Sun, 15 Jan 1995, Matthias Urlichs wrote:
> > > >Problem is, our servers run SunOS 4.1.3 and SunOS 5.3. No easy way of
> > > >fixing :(
> > >
> Oh great. Then how do their client NFS implementations do this? Use a
> multiple-address list? Be insecure?
I think they are "insecure" by accepting NFS packets from any address, at
least this is what watching with tcpdump indicates.
[...]
> Assuming that we should fix this in Linux, the Really Good approach would be
> to pass a list of addresses to the kernel. Then the kernel would check
> incoming replies against the list. _And_ it could round-robin the addresses
> if the server becomes unreachable, thereby increasing reliability (imagine
> two separate routes to the (multihomed) server, and one of the routers
> dies).
This implies the list of addresses is known, which often is not the case.
Anyway, the question remains: why do we consider accepting NFS packets
from any address by the _client_ insecure. An attacker would have to
forge a transaction ID (XID) (after intercepting a clients request to the
server), and if he can do this, it should be no problem to forge the
address, too. Therefore I think this is not really a problem.
Greetings, Swen
