Bugtraq mailing list archives

Re: CERT, about NFS


From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Thu, 22 Dec 1994 12:49:34 -0500


> It's just flatly amazing to me how much hard labor people will
> happily endure while never addressing the real, easily fixed, bug;
> namely that NFS uses unauthenticated RPC by default.

> Not shipping kerberos (or the functional equivalent) as a fully
> integrated part of one's OS is ...

... necessary in order to ship it outside the US, thanks to your
government's brilliant restriction on letting encryption technology
(that's readily available everywhere) cross out of its borders.

I suppose NetBSD could invent some kind of RPC authentication that
doesn't use DES.  Given a cryptographically strong hash function like
MD5 or SHA, and a secret shared by server and desired client, it's easy
for the originator to certify packets and the receiver to verify them.
Whether one wants something as expensive as md5 on every nfs packet is
another question, of course.

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu
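The scheme der Mouse sketches above, a keyed hash over each packet with a secret shared by server and client, as an added example that is not part of the original post. It uses HMAC-SHA256 (a keyed construction rather than a bare hash of secret||message, which is length-extendable for MD5 and SHA-1) plus a per-client sequence number so a replayed packet is rejected; the header layout, client id and secret are constructed for the example and are not the RPC wire format.

```python
import hmac
import hashlib
import struct
from typing import Optional, Dict

# Constructed packet format for this example (not NFS/RPC):
#   header = client_id (4 bytes BE) || sequence (8 bytes BE)
#   packet = header || payload || tag, tag = HMAC-SHA256(secret, header || payload)
HDR_LEN = 12
TAG_LEN = 32

def certify(secret: bytes, client_id: int, seq: int, payload: bytes) -> bytes:
    """Originator side: append a keyed MAC so the receiver can check origin and integrity."""
    header = struct.pack(">IQ", client_id, seq)
    tag = hmac.new(secret, header + payload, hashlib.sha256).digest()
    return header + payload + tag

def verify(secret: bytes, packet: bytes, last_seq: Dict[int, int]) -> Optional[bytes]:
    """Receiver side: return the payload if the tag is valid and the sequence is fresh, else None."""
    if len(packet) < HDR_LEN + TAG_LEN:
        return None
    header, body, tag = packet[:HDR_LEN], packet[HDR_LEN:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(secret, header + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    client_id, seq = struct.unpack(">IQ", header)
    if seq <= last_seq.get(client_id, 0):        # replayed or reordered-old packet
        return None
    last_seq[client_id] = seq
    return body

def demo() -> dict:
    """Exercise the four cases a receiver must get right: valid, replay, tampered, wrong key."""
    secret = b"constructed-shared-secret-for-demo"
    seen: Dict[int, int] = {}
    ok = verify(secret, certify(secret, 7, 1, b"READ /export/file"), seen)
    replay = verify(secret, certify(secret, 7, 1, b"READ /export/file"), seen)
    tampered = bytearray(certify(secret, 7, 2, b"READ /export/file"))
    tampered[HDR_LEN] ^= 0x01                    # flip one payload bit after signing
    forged = verify(secret, bytes(tampered), seen)
    wrong_key = verify(b"not-the-shared-secret", certify(secret, 7, 3, b"x"), seen)
    return {"ok": ok, "replay": replay, "forged": forged, "wrong_key": wrong_key}

if __name__ == "__main__":
    print(demo())
```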


