[873] in linux-security and linux-alert archive
Re: [linux-security] Re: A secure (?) nfs-server ?
daemon@ATHENA.MIT.EDU (Brian Mitchell)
Tue Jul 2 11:23:55 1996
Date: Tue, 2 Jul 1996 05:17:08 -0400 (EDT)
From: Brian Mitchell <brian@saturn.net>
To: Grant Kaufmann <gkaufman@cs.uct.ac.za>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0ua8oZ-00097nC@cs.uct.ac.za>
On Sun, 30 Jun 1996, Grant Kaufmann wrote:
> > I recently ran into a new hole regarding NFS.
> > Insted of exploiting it, I figured I would tell you about it.
> [stuff deleted]
>
> This doesn't seem particularly interesting. NFS mount requests
> from unprivileged ports have been disallowed on all our sites as it
> is simple to emulate the RPC calls which NFS uses from a user-level
> account without the use of slirp.
> A more interesting question is whether this NFS mount attack
> could be performed by a spoofing host. Anyone know if this has
> been accomplished?
It probably could, but if you can't get the file handles back, what good
does it do you?
Brian Mitchell brian@saturn.net
Unix Security / Perl / WWW / CGI http://www.saturn.net/~brian
"I never give them hell. I just tell the truth and they think it's hell"
- H. Truman