[243] in linux-security and linux-alert archive
NFS re-export and more
daemon@ATHENA.MIT.EDU (Olaf Kirch)
Fri May 26 04:07:00 1995
From: okir@monad.swb.de (Olaf Kirch)
To: linux-security@tarsier.cv.nrao.edu
Date: Thu, 25 May 1995 16:38:43 +0200 (MET DST)
Hi all,
Sorry for being so late in picking up this thread, but I've been buried
under a pile of work.
The NFS re-export problem is actually two-fold. On one hand, if machine
B exports directory /foo/bar, with a directory named /foo/bar/mnt NFS-mounted
from host A below it, nfsd should hide anything below that mount point.
It has been doing so for ages, except for a tiny exception: When the
client C does a readdir, it actually sees the . and .. entries from host
A instead of the (hidden) entries from B. That will take some tweaking
to fix it, and I haven't done it yet.
On the other hand, mountd should never hand out file handles for NFS-mounted
directories. Until now, it did check for this. This is fixed in the
upcoming 2.2alpha9 version.
Finally, a word about shells and other stuff being owned by bin. Normally,
having /bin/sh and other files owned by bin should not be a great problem
because the bin account should have password `*', and there shouldn't be
any setuid bin programs around. So to become bin, the only way is to
execute `su - bin' as root.
However, this picture changes with NFS. Although we have root squashing,
this applies only to uid/gid 0; all other IDs are passed unaltered. The
obvious cure against this is to add another exports option to nfsd that
squashes all uids/gids within a certain `sensitive range' from, say,
0 through 50.
Olaf
--
Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
For my PGP public key, finger okir@brewhq.swb.de.
