[873] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] Re: A secure (?) nfs-server ?

daemon@ATHENA.MIT.EDU (Brian Mitchell)
Tue Jul 2 11:23:55 1996

Date: Tue, 2 Jul 1996 05:17:08 -0400 (EDT)
From: Brian Mitchell <brian@saturn.net>
To: Grant Kaufmann <gkaufman@cs.uct.ac.za>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0ua8oZ-00097nC@cs.uct.ac.za>

On Sun, 30 Jun 1996, Grant Kaufmann wrote:

> > I recently ran into a new hole regarding NFS.
> > Insted of exploiting it, I figured I would tell you about it.
> [stuff deleted]
> 
> This doesn't seem particularly interesting. NFS mount requests
> from unprivileged ports have been disallowed on all our sites as it 
> is simple to emulate the RPC calls which NFS uses from a user-level 
> account without the use of slirp. 
> A more interesting question is whether this NFS mount attack
> could be performed by a spoofing host. Anyone know if this has
> been accomplished?

It probably could, but if you can't get the file handles back, what good 
does it do you?

Brian Mitchell                          brian@saturn.net
Unix Security / Perl / WWW / CGI        http://www.saturn.net/~brian 
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman

home help back first fref pref prev next nref lref last post