Re: access control for mountd, statd, and lockd?

[Steven Bellovin <smb%cs.columbia.edu@localhost>]

On Feb 8, 2010, at 1:34 PM, Chuck Swiger wrote:

> Hi--
> 
> On Feb 7, 2010, at 11:02 AM, Steven Bellovin wrote:
>> It would certainly take unusual code, like what mountd has.  Should there be 
>> libwrap code in the RPC library?  Should an optional port-number mapping 
>> file be consulted by svc_create?  I'm unhappy with the thought of network 
>> services with no access control at all.
> 
> Perhaps the new owners of Sun might be willing to license SecureRPC code 
> under more open terms?  At least, RFC-2203 is publicly available if someone 
> wants to roll their own implementation; and I've heard rumors to the effect 
> that Linux might have a GPL'ed implementation.
> 
> Otherwise, DCE from the OSF folks might be a reasonable alternative.
> 
> As I'm sure you know, NFS and the RPC services were designed for situations 
> where the machines doing filesharing can trust each other and can also trust 
> the network to not be compromised-- things like ethernet MAC spoofing and 
> replay attacks against NFS servers have had a long and grubby history of easy 
> security exploits.  If you don't want to trust the local network, then it's 
> not too difficult to use OpenVPN or SSH tunneling to create a secure tunnel 
> in which you can do RPC and NFS more safely.

Yup, though my concerns are broader -- I'd really like to block completely 
unwanted packets at the IP level, to guard against bugs in the authentication, 
the crypto, etc.  There's a long history of those, too.

                --Steve Bellovin, http://www.cs.columbia.edu/~smb