[153] in linux-security and linux-alert archive
Re: SECURITY: NFS Vulnerability
daemon@ATHENA.MIT.EDU (Thomas Koenig)
Mon Mar 13 17:31:05 1995
To: linux-security@tarsier.cv.nrao.edu
Date: Mon, 13 Mar 1995 11:09:18 +0100 (MET)
In-Reply-To: <m0rnzhO-000zgHC@sonic.net> from "Dane Jasper" at Mar 12, 95 06:17:00 pm
From: Thomas.Koenig@ciw.uni-karlsruhe.de (Thomas Koenig)
Reply-To: linux-security@tarsier.cv.nrao.edu
> I have annother security problem with NFS - but a minor one. Users can
> cause denial of service attacks by locking up NFS servers that they have
> access to..
>
> mount -t nfs server.edu:/exports/goodies /mnt
> mkdir /mnt/another_mountpoint
> mount -t nfs server.edu:/exports/goodies /mnt/another_mountpoint
> ll /mnt/another_mountpoint
>
> Because NFS is not multithreaded, I think this will fail.. Let me know if
> I'm barking up the wrong tree - I get the digest, so I'll see responses.
This won't cause (too many) problems. The current NFS server does
serve requests sequentially, but one ll will generate many requests.
As far as making nfs multithreaded goes - it might make more sense to
start up multiple nfs daemons which listen on the same socket, then take
turns in servicing requests (especially with the rather high
authentication load in 2.1). I don't think this should/could be done
in user space, though.
Thomas
