Re: NFS exporting

[perry () snark imsi com (Perry E. Metzger)]

Carl Corey says:
> Now, are we talking exporting writeable to everyone, or _any_ NFS exported
> writeable partition?

Any NFS partition exported writable to anyone at all is vulnerable,
yes. THIS SHOULD NOT BE NEWS TO ANYONE. I'm shocked that anyone is
suprised by this.

> How would it be exploited?

People can read and write your disk. In addition, anyone with access
to your network can spoof NFS packets and either interfere with your
view of whats on the disk or with the server's idea of what you are
attempting to write (or read). The latter portion should be obvious --
its easy to mount an active attack on a udp based protocol -- but the
former (that people can spoof NFS very efficiently even without active
attacks on legitimate packet exchanges) should be well known.

> Is there a way to keep people from exploiting it (besides not
> exporting it)?

Yeah. Put in a firewall router to keep RPC packets from going into or
out of your network. Use a better file system (like AFS). Another
possibility is using kerberized secure RPC or some such that doesn't
depend on the (very flawed) original secure RPC key exchange. Myself,
I'd favor a combination of these things, including firewalling.

Perry