[869] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: A secure (?) nfs-server ?

daemon@ATHENA.MIT.EDU (Grant Kaufmann)
Mon Jul 1 14:32:33 1996

From: gkaufman@cs.uct.ac.za (Grant Kaufmann)
To: linux-security@tarsier.cv.nrao.edu
Date: Sun, 30 Jun 1996 00:48:31 +0200 (SAT)

> I recently ran into a new hole regarding NFS.
> Insted of exploiting it, I figured I would tell you about it.
[stuff deleted]

This doesn't seem particularly interesting. NFS mount requests
from unprivileged ports have been disallowed on all our sites as it 
is simple to emulate the RPC calls which NFS uses from a user-level 
account without the use of slirp. 
A more interesting question is whether this NFS mount attack
could be performed by a spoofing host. Anyone know if this has
been accomplished?

-- 
Grant
--

home help back first fref pref prev next nref lref last post