[867] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] A secure (?) nfs-server ?

daemon@ATHENA.MIT.EDU (Wietse Venema)
Mon Jul 1 14:31:42 1996

From: wietse@wzv.win.tue.nl (Wietse Venema)
To: aleipold@clark.net
Date: Sat, 29 Jun 96 22:28:53 MET DST
Cc: gander@defiant.vte.com, sandman@chiara.dei.unipd.it,
        linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.SOL.3.93.960628202150.27862D-100000@clark.net>; from "aleipold@clark.net" at Jun 28, 96 8:23 pm

> Also, it does not check to see that the mount request originates from a 
> reserved port (<1023). Slirp usually binds to ports between 30000-60000 for
> TCP/UDP connections. 

When the server allows unprivileged NFS requests, any user-level NFS
client program is sufficient to grab the server's file systems. There
is no need to run a SLIRP connection for that.

	Wietse

home help back first fref pref prev next nref lref last post