[110] in linux-security and linux-alert archive


Re: NFS patch

daemon@ATHENA.MIT.EDU (Jeff Uphoff)
Sat Mar 11 18:47:41 1995

Date: Sat, 11 Mar 1995 18:37:04 -0500
From: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: Your message of Sat, March 11, 1995 15:01:37 +0100
Reply-To: linux-security@tarsier.cv.nrao.edu

-----BEGIN PGP SIGNED MESSAGE-----

"OK" == Olaf Kirch <okir@monad.swb.de> writes:

OK> Here's a patch to nfsd that should fix the hole I've reported earlier.
OK> It's against a clean nfs-server-2.0 source. Could you please check if the
OK> patch breaks anything for you? It works for me, but I wouldn't want to
OK> release it publicly without some sort of double-check.

It (the daemon patches) seems to work for me perfectly.  That spoofing
program you wrote worked as well (unfortunately); I could wander all
over a remote machine's directory tree via NFS (to a machine that wasn't
exporting anything to anybody, but running 'nfsd' anyway), though I
could not write to the FS or resolve symlinks properly--files were wide
open for reading however...  Installing a patched 'nfsd' on the target
machine blocked this as intended, yet allowed normal access once I added
a proper entry to the fstab.

Let's see what feedback we get (everyone that can, please try this patch
out ASAP) and then we'll probably make an "alert" in the next day or so
and make the patch available.  This appears to be a _bad_ hole!

OK> 	*	Use setfsuid/setfsgid for setting owner/group on file
OK> 		access rather than seteuid. As these functions are not
OK> 		yet in libc-4.6.27, there's a small assembler file
OK> 		that implements them.

I've got libc-4.6.29 (from Ted Ts'o's "private" area on tsx-11); it has
these functions, but your assembly file seems to work as well...

OK> 	*	Implement root_squash and no_root_squash mount options.

Works for me.

- --Up.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

-----END PGP SIGNATURE-----

-- 
Jeff Uphoff - systems/network admin.  |  juphoff@nrao.edu
National Radio Astronomy Observatory  |  jeff.uphoff@linux.org
Charlottesville, VA, USA              |  http://linux.nrao.edu/~juphoff/
