Subject: kern/1086: NFS Security Hole
To: None <gnats-admin@sun-lamp.cs.berkeley.edu>
From: None <jonny@gaia.coppe.ufrj.br>
List: netbsd-bugs
Date: 05/29/1995 23:50:06
>Number: 1086
>Category: kern
>Synopsis: NFS - Security Hole - User map does not refuse root
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon May 29 23:50:05 1995
>Originator: Joao Carlos Mendes Luis
>Organization:
Universidade Federal do Rio de Janeiro
>Release: 1.0
>Environment:
System: NetBSD gaia.coppe.ufrj.br 1.0 NetBSD 1.0 (GAIA) #11: Sat May 27 23:11:45 EST 1995 jonny@gaia.coppe.ufrj.br:/usr/src/sys/arch/i386/compile/GAIA i386
>Description:
When I export a directory with the -mapall option it does not work
correctly with foreign root. Permissions to read directories are
bypassed.
All other permissions seem to be ok:
- I cannot read, write, or even create a file.
>How-To-Repeat:
1) Example /etc/exports file:
/usr/home/ftp -ro -mapall=nobody: -network ufrj
2) Create a directory like:
drwx--x--x 4 root wheel 512 Apr 23 16:09 /usr/home/ftp/hidden
Mount the file system on another machine. Access as root.
You can see all files in the directory.
>Fix:
Sorry, I haven't tried.
Jonny
--
Joao Carlos Mendes Luis jonny@coe.ufrj.br
+55 21 290-4698 ( Job ) jonny@adc.coppe.ufrj.br
Network Manager UFRJ/COPPE/CISI
Universidade Federal do Rio de Janeiro
>Audit-Trail:
>Unformatted:
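
The access decision the report expects from -mapall, modeled as an added C example. It is not part of the original report and is not NetBSD kernel code. The function names and the uid/gid 65534 used for "nobody" are assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>

/* Access bits of one owner/group/other triplet. */
#define A_READ  4
#define A_WRITE 2
#define A_EXEC  1

struct cred { uid_t uid; gid_t gid; };

/* -mapall policy: every remote credential, root included, is replaced
 * by the mapped one before any permission check is made. */
static struct cred map_all(struct cred remote, struct cred mapped)
{
    (void)remote;               /* the claimed identity is ignored */
    return mapped;
}

/* Simplified UNIX mode check: uid 0 passes everything, which is why
 * the mapping must be applied first. Returns 1 = allowed, 0 = denied. */
static int unix_access(struct cred c, uid_t owner, gid_t group,
                       mode_t mode, int want)
{
    int bits;
    if (c.uid == 0)
        return 1;
    if (c.uid == owner)
        bits = (mode >> 6) & 7;
    else if (c.gid == group)
        bits = (mode >> 3) & 7;
    else
        bits = mode & 7;
    return (bits & want) == want;
}

/* Decision expected for an object under a -mapall export. */
static int export_access(struct cred remote, struct cred mapped,
                         uid_t owner, gid_t group, mode_t mode, int want)
{
    return unix_access(map_all(remote, mapped), owner, group, mode, want);
}

int main(void)
{
    struct cred root = {0, 0}, nobody = {65534, 65534}; /* constructed */
    /* drwx--x--x root wheel -> mode 0711, owner 0, group 0 */
    printf("list:   %d\n", export_access(root, nobody, 0, 0, 0711, A_READ));
    printf("search: %d\n", export_access(root, nobody, 0, 0, 0711, A_EXEC));
    return 0;
}
```

With the mapping applied, listing the directory is denied and only search is allowed. The listing described in the report is the answer unix_access() gives for an unmapped uid 0.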