Subject: Re: nfs - export file
To: John Franklin <franklin@elfie.org>
From: Nathan J. Williams <nathanw@MIT.EDU>
List: tech-security
Date: 09/25/2001 14:16:35
John Franklin <franklin@elfie.org> writes:
> On Tue, Sep 25, 2001 at 12:10:47PM -0400, Nathan J. Williams wrote:
> > In reality, an attacker could access any of the exported filesystems
> > with options permitted by the least restrictive of the exports.
> >
> > The NFSv2 spec is RFC 1094, NFSv3 is 1813, and I'm ignoring NFSv4
> > because it doesn't really exist in the market yet. The details are in
> > there.
>
> Are you saying that the NFS export ID can't be and/or isn't encoded in
> the NFS filehandle? Or the client IP (to prevent shared FHs?) Or any
> other security token? Say, hash the filehandle with a secret number
> held by the server, and include the last 4-8 bytes in the file handle?
>
> It should be trivial to allow different options on NFS exported
> filesystems.
"A simple matter of programming". Got some patches?
I suspect that system designers look at the lack of security in NFS
(cleartext data, metadata, and handles; replayable handles;
client-specified userid, and so on) and simply decide not to bother
band-aiding it.
- Nathan