Security Basics mailing list archives
Re: Secure NFS
From: Bear Giles <bgiles () coyotesong com>
Date: Thu, 27 Feb 2003 11:09:29 -0700
> I've been wondering about this for a while now...
Everybody knows NFS is insecure. Right. So no-one uses it. Why not simply modify NFS to use encryption? Why not? Not tunneling, modify the source to either (a) establish ssl connections, or (b) manually encrypt all traffic (I would prefer this one).
(I'm coming in late, so maybe this has already been mentioned.)Standard NFS is built on top of standard RPC, and the latter is insecure because almost all sites support "unix authentication" at best. That's user-id based, trivially forged by anyone with root access.
But RPC is an extensible protocol and there are a number of secure alternatives to Unix authentication. RPC-DES has been around for years, and RPC-GSSAPI (Kerberos) almost as long. I don't recall seeing RPC-PKIX (SSL), but it's an obvious extension. Use any of these, and truly secure NFS falls out of it. All you have to do is make a trivial change to the NFS client and server to require the secure alternative, plus whatever changes you need to access the new authentication objects.
The latter has been the killer. It's not impossible - SecureNFS and SecureRPC (using DES) have been on the market for years - but it requires a nontrivial amount of work to set up. The traditional Unix vendors could afford the investment, but the OSS community largely (and falsely) believes that SSH tunnels eliminate the need for this. SSH tunnels might work great when connecting a handful of systems, but it doesn't scale well.
Current thread:
- Secure NFS slaanesh (Feb 20)
- RE: Secure NFS Peet Grobler (Feb 22)
- Re: Secure NFS Gene Yoo (Feb 24)
- Re: Secure NFS Barry Irwin (Feb 27)
- Re: Secure NFS Michael Osten (Feb 28)
- Re: Secure NFS Bear Giles (Feb 28)
- RE: Secure NFS Peet Grobler (Feb 22)