Bugtraq mailing list archives
Re: CERT, about NFS
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Thu, 22 Dec 1994 12:49:34 -0500
It's just flatly amazing to me how much hard labor people will happily endure while never addressing the real, easily fixed, bug; namely that NFS uses unauthenticated RPC by default.
Not shipping kerberos (or the functional equivalent) as a fully integrated part of one's OS is ...
... necessary in order to ship it outside the US, thanks to your government's brilliant restriction on letting encryption technology (that's readily available everywhere) cross out of its borders. I suppose NetBSD could invent some kind of RPC authentication that doesn't use DES. Given a cryptographically strong hash function like MD5 or SHA, and a secret shared by server and desired client, it's easy for the originator to certify packets and the receiver to verify them. Whether one wants something as expensive as md5 on every nfs packet is another question, of course. der Mouse mouse () collatz mcrcim mcgill edu
Current thread:
- Re: CERT, about NFS, (continued)
- Re: CERT, about NFS Scott Schwartz (Dec 21)
- Bugtraq reorganization notes Kevin at Freeside Support (Dec 21)
- Re: CERT, about NFS Leo Bicknell (Dec 22)
- Re: CERT, about NFS Oliver Friedrichs (Dec 22)
- (fwd) HP-UX 9.x: /usr/lib/expreserve creates files anywhere (fwd) Paul 'Shag' Walmsley (Dec 22)
- Re: CERT, about NFS Chris Ellwood (Dec 22)
- Re: CERT, about NFS Paul 'Shag' Walmsley (Dec 22)
- Re: CERT, about NFS Dave Mitchell (Dec 22)
- Re: CERT, about NFS Steinar Haug (Dec 22)
- Re: CERT, about NFS Bela Lubkin (Dec 22)
- Re: CERT, about NFS der Mouse (Dec 22)
- Re: CERT, about NFS Scott Schwartz (Dec 22)
- Re: CERT, about NFS phil servita (Dec 22)