[93] in linux-security and linux-alert archive

Re: Yet another NFS hole

daemon@ATHENA.MIT.EDU (Elias Levy)
Fri Mar 10 07:23:56 1995

Date: Fri, 10 Mar 1995 00:55:22 -0800 (PST)
From: Elias Levy <elias@power.net>
To: linux-security@tarsier.cv.nrao.edu
cc: Jeff Uphoff <juphoff@tarsier.cv.nrao.edu>,
        Alan Cox <iialan@iifeak.swan.ac.uk>,
        Thomas.Koenig@ciw.uni-karlsruhe.de
In-Reply-To: <m0rmsj2-000KikC@monad.swb.de>
Reply-To: linux-security@tarsier.cv.nrao.edu

[mod: quoting trimmed. --okir]

On Fri, 10 Mar 1995, Olaf Kirch wrote:
> Thomas Koenig's post about NFS file handle spoofing got me thinking. 
> After two hours of work, I've come up with a small program that lets
> me mount our domain hub's file system without having contacted mountd.

This is an old bug. You can use nfsbug to find out if your server has this and
other NFS-related bugs. (BTW, people should really take a look at old
bugtraq archives.) The code has been out for ages, so no need to be
hiding it. You can find it at http://underground.org/tools/unix/audit/
I don't believe you need to keep track of clients with mounted file
systems, just make the handles more random, but I'm no NFS expert so
I'll shut up :)

Elias



