[1250] in linux-security and linux-alert archive
[linux-security] NFS, /proc, and nfsd --re-export
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Sun Oct 20 07:31:14 1996
To: linux-security@tarsier.cv.nrao.edu
Date: Sat, 19 Oct 1996 21:02:23 +0200
From: Olaf Kirch <okir@monad.swb.de>

Hi all,

This is really no big deal, but maybe it's worthwhile to keep in mind.
I recently started wondering what would happen when someone managed to
write values to certain /proc files via NFS, and it sent cold shivers
down my back. I looked a bit closer at it and found that the problem
is a non-problem for most sites.

The reason is that nfsd refuses to access file systems which reside on
a device with major number 0. This is mainly aimed at denying transitive
access to FSs mounted from other remote hosts. However, as a virtual
FS, procfs also uses a major number of 0. This feature can be disabled
when you specify the --re-export or -r flag, however.

So, don't use --re-export, or, if you insist on doing so, e.g. because
you wish to distribute a Novell FS to other UNIX clients, do yourself
a favor and don't export your root fs (a bad habit anyway).

Have a nice day
Olaf
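
Added example, not part of Olaf Kirch's message and not nfsd code: an audit sketch that lists which exports sit on, or contain a mount point of, a filesystem whose device major is 0, i.e. what the major-0 check stops protecting once --re-export is set. It assumes the /proc/self/mountinfo format of later Linux kernels (field 3 is major:minor); the function names and both sample inputs are constructed for illustration.

```python
import posixpath

# Constructed sample in /proc/self/mountinfo format (field 3 is major:minor).
SAMPLE_MOUNTINFO = """\
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
22 21 0:5 / /proc rw,nosuid - proc proc rw
23 21 0:40 / /mnt/novell rw - ncpfs server/vol rw
24 21 8:2 / /home rw,relatime - ext4 /dev/sda2 rw
"""

# Constructed sample export list (path followed by client specs).
SAMPLE_EXPORTS = """\
# path      clients
/           trusted(rw)
/home       *.example.org(rw)
/mnt/novell unixbox(ro)
"""

def major0_mounts(mountinfo_text):
    """Return {mount_point: fstype} for mounts whose device major is 0."""
    found = {}
    for line in mountinfo_text.splitlines():
        fields = line.split()
        if "-" not in fields or len(fields) < 5:
            continue  # not a well-formed mountinfo record
        major = int(fields[2].split(":")[0])
        fstype = fields[fields.index("-") + 1]
        if major == 0:
            found[fields[4]] = fstype
    return found

def is_within(path, root):
    """True if path equals root or lies underneath it."""
    root = root.rstrip("/") + "/"
    return (path.rstrip("/") + "/").startswith(root)

def exposed_by_reexport(exports_text, mountinfo_text):
    """List (export, mount_point, fstype) no longer covered by the major-0 check."""
    virtual = major0_mounts(mountinfo_text)
    hits = []
    for line in exports_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        export = posixpath.normpath(line.split()[0])
        for mnt, fstype in sorted(virtual.items()):
            if is_within(mnt, export):
                hits.append((export, mnt, fstype))
    return hits
```

On the constructed input, the root export is reported twice (for /proc and for the Novell mount), which is the case the message advises against; the /home export is not reported.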