[869] in linux-security and linux-alert archive
[linux-security] Re: A secure (?) nfs-server ?
daemon@ATHENA.MIT.EDU (Grant Kaufmann)
Mon Jul 1 14:32:33 1996
From: gkaufman@cs.uct.ac.za (Grant Kaufmann)
To: linux-security@tarsier.cv.nrao.edu
Date: Sun, 30 Jun 1996 00:48:31 +0200 (SAT)
> I recently ran into a new hole regarding NFS.
> Insted of exploiting it, I figured I would tell you about it.
[stuff deleted]
This doesn't seem particularly interesting. NFS mount requests
from unprivileged ports have been disallowed on all our sites as it
is simple to emulate the RPC calls which NFS uses from a user-level
account without the use of slirp.
A more interesting question is whether this NFS mount attack
could be performed by a spoofing host. Anyone know if this has
been accomplished?
--
Grant
--