Bugtraq mailing list archives

Re: NFS exporting

From: perry () snark imsi com (Perry E. Metzger)
Date: Wed, 13 Apr 1994 13:39:33 -0400


Scott D. Yelich says:



I'd like to start a thread on the security issues surrounding using
NFS and NFS exporting.

First a little background: I'm starting up my own public access
internet site and I am concerned about security issues relating to
NFS.

Here's an introductory question:
How much does secure nfs (rpc) gain for you?


Secure rpc buys you only a little bit -- it requires a bit of skill to
break it, but it will doubtless be easy to break when someone posts a
cracking script to the net sometime.

As for NFS in general, its useless. As soon as you export an NFS
partition to the net (at least if you export it writable), you can
kiss your machine goodbye. Among other nasty tricks, even without the
mountd giving you any informaiton on the host you can just flood the
machine with unlink requests or guess inode generation numbers or
other such things. NFS is a hunk of junk.

Perry

Current thread:

NFS exporting Scott D. Yelich (Apr 13)
- Re: NFS exporting Perry E. Metzger (Apr 13)
  - Re: NFS exporting Mike Evans (Apr 13)
  - Re: NFS exporting Aggelos D. Keromitis (Apr 13)
    - Re: NFS exporting Perry E. Metzger (Apr 13)
    - Re: NFS exporting Michael Neuman (Apr 13)
    - Re: NFS exporting Perry E. Metzger (Apr 14)
    - Re: NFS exporting Paul Graham (Apr 14)
    - Re: NFS exporting Perry E. Metzger (Apr 15)
- <Possible follow-ups>
- Re: NFS exporting smb () research att com (Apr 13)
- Re: NFS exporting Carl Corey (Apr 13)
  - Re: NFS exporting Perry E. Metzger (Apr 14)

(Thread continues...)