[152] in linux-security and linux-alert archive
Re: SECURITY: NFS Vulnerability
daemon@ATHENA.MIT.EDU (David Kastrup)
Mon Mar 13 15:24:16 1995
Date: Mon, 13 Mar 95 09:57:35 +0100
From: dak@pool.informatik.rwth-aachen.de (David Kastrup)
To: linux-security@tarsier.cv.nrao.edu
Reply-To: linux-security@tarsier.cv.nrao.edu
In comp.os.linux.announce you write:
> ALERT - Announcement of the Linux Emergency Response Team :)
>The current Linux NFS server (version 2.0) has a couple of security problems
>some of which have been known for a while and supposedly been fixed a long
>time ago. However, none of the versions I found on the usual FTP sites had
>these fixes incorporated.
Will the new server not mix up read-only exports? My current nfsd does.
This means I have to export all file systems read/write (or probably
all read-only, but I cannot do that), because otherwise some file systems
are read-write, and some are read-only, but you cannot predict which will
be which. It changes over time, too.
This is a rather current version of Slackware (off the server, perhaps
2 months or 4 in the run).
--
David Kastrup, Goethestr. 20, D-52064 Aachen Tel: +49-241-72419
Email: dak@pool.informatik.rwth-aachen.de Fax: +49-241-79502
