[7] in linux-security and linux-alert archive
NFS deamon can be killed by normal users.
daemon@ATHENA.MIT.EDU (R.E.Wolff@et.tudelft.nl)
Sat Mar 4 14:33:41 1995
To: linux-alert@tarsier.cv.nrao.edu
Date: Sat, 4 Mar 1995 17:18:35 +0100 (MET)
From: R.E.Wolff@et.tudelft.nl
Reply-To: linux-security@tarsier.cv.nrao.edu
Hi everyone,
I just subscribed, and now I have a place where I can leave this:
The nfs deamons can be killed by any user. This is because the
nfs deamon takes on the userid of the current request. It then
remains at this userID untill the next request.
The first fix would be to change back to uid root after serving
a request, but this would only reduce the time-span where an attack
might succeed. A true solution would allow the nfsd process to
indicate to the kernel that although it has the euid of a user, it
doesn't want to be considered "owned" by that user.
Roger Wolff.
