Bugtraq mailing list archives
Re: nfs_mount in AIX
From: jfh () rpp386 cactus org (John F. Haugh II)
Date: Wed, 26 Apr 95 21:16:47 CDT
Here's a little additional information..... the nfs_mount routine does its work through the vmount() system call, which is documented. If this is a security hole at all, then it's because it would let an attacker mount a remote filesystem under his control onto a world-readable directory like /tmp or /var/preserve, and thereby grab a copy of everything that was written to that directory. Anybody want to write a test program? nfs_mount is in librpcsvc.a, but offers nothing beyond what vmount() gives (since it's just a subroutine anyway) aside from a simpler interface.
Each VFS type has its own mount functionality. So permission to mount is potentially handled differently for each VFS. Just because the bug exists in NFS doesn't mean it exists for JFS (it doesn't, I looked ;-)

I have passed this on to the NFS folks and gotten a commitment to do a bug fix. I'll pass this concern along to the rest of the filesystem people so that the LFS people are aware that a more global problem may exist WRT non-NFS, non-JFS mounts.

--
John F. Haugh II [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ] @'s: jfh () rpp386 cactus org
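A defender-side check for the condition discussed in this message, added here as an example and not code from the thread: it walks a mount table and reports when /tmp or /var/preserve is effectively served by an NFS server outside an allowlist. The four-column table format, the host names and the `trusted_servers` parameter are constructed for illustration, and the table is assumed to be listed in mount order.

```python
import posixpath

# Directories named in the message above; extend for your own hosts.
SENSITIVE_DIRS = ("/tmp", "/var/preserve")

# Constructed sample in mount order (simplified, not real AIX `mount` output):
# server, source, mount point, VFS type; "-" marks a local filesystem.
SAMPLE_TABLE = """\
-         /dev/hd4      /      jfs
-         /dev/hd3      /tmp   jfs
files01   /export/home  /home  nfs
unknown1  /export/x     /tmp   nfs
unknown1  /export/y     /var   nfs
"""

def parse_table(text):
    """Turn the four-column table into a list of mount records."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        server, source, point, vfs = fields
        mounts.append({"server": None if server == "-" else server, "source": source,
                       "point": posixpath.normpath(point), "vfs": vfs})
    return mounts

def covers(point, directory):
    """True if a mount at `point` is at or above `directory`."""
    return point == "/" or directory == point or directory.startswith(point + "/")

def effective_mount(mounts, directory):
    """The last covering mount in mount order is the one a path lookup reaches."""
    hit = None
    for m in mounts:
        if covers(m["point"], directory):
            hit = m
    return hit

def audit(mounts, trusted_servers=()):
    """Report sensitive directories served by an NFS server not in the allowlist."""
    findings = []
    for d in SENSITIVE_DIRS:
        m = effective_mount(mounts, d)
        if m and m["vfs"] == "nfs" and m["server"] not in trusted_servers:
            findings.append((d, m["server"], m["source"]))
    return findings
```

A mount at /var is reported for /var/preserve as well, unless a later local mount sits on /var/preserve itself.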