[3089] in WWW Security List Archive
Re: cops Report
daemon@ATHENA.MIT.EDU (Ray W. Hiltbrand)
Thu Sep 26 13:11:46 1996
Date: Thu, 26 Sep 1996 10:15:47 -0500
From: "Ray W. Hiltbrand" <Ray.W.Hiltbrand@Eng.Auburn.EDU>
To: Myrddin <myrddin@apis.de>
CC: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
This really is not a www security issue. It is could be a system
security problem depending on your connection to the
Internet and if the router blocks NFS
It is not advised that you export Filesystems with no restrictions.
If you must export globally then you at least want to export the
filesystems read only.
Check your /etc/exports for a list of what you are exporting
- Ray W. Hiltbrand
Myrddin wrote:
>
> Hello !
>
> I just ran cops on my Linux2.0.0 ans it reported
>
> Warning! NFS file system exported with no restrictions!
> Warning! NFS file system exported with no restrictions!
> Warning! NFS file system exported with no restrictions!
> Warning! NFS file system exported with no restrictions!
>
> I am not yet really into Linux, and I wonder if that is really a security
> leak and how to solve it ?
>
> Thank You in advance for Your reply
>
> Michael Goeller
--
Ray W. Hiltbrand Ray.W.Hiltbrand@eng.auburn.edu
Engineering Network Services
Auburn University http://www.eng.auburn.edu/~rayh/rayh.html
If it doesn't do what you want, subclass and override.
