[234] in linux-security and linux-alert archive
Re: linux nfsd
daemon@ATHENA.MIT.EDU (alex)
Tue May 16 04:06:55 1995
Date: Wed, 10 May 1995 19:22:00 -0400 (EDT)
From: alex <alex@bach.cis.temple.edu>
To: Aleph One <aleph1@dfw.net>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.SUN.3.90.950509005058.243C-100000@dfw.net>
Hello,
> ObBug: i have recently discovered that it is possible to re-export an
> imported filesystem under Linux. to illustrate:
>
> hostA --> exports /usr/share to -access=hostB
> hostB --> a linux box. re-exports /usr/share to everyone
> hostC --> not implicitly trusted by hostA, mounts /usr/share
>
> aside from any security concerns, this would certainly thrash your nfsd's.
> does anyone have any experience with this? i have only recently discovered
> this, and have not had time to peruse it in depth.
I do not think that there's a security problem here. When hostA exports
/usr/share to hostB /usr/share becomes a part of hostB's filesystem. Now
this is not of hostA's business to know/limit what hostB does to parts of
its filesystem.
Best wishes.
Alex
=============================================================================
CIS Laboratories email: alex@bach.cis.temple.edu
TEMPLE UNIVERSITY ayuriev@yoda.cis.temple.edu
USA Tel: 1-800-DEV-NULL
http://bach.cis.temple.edu
=============================================================================
