Bugtraq mailing list archives

Re: NFS exporting

From: kermit () ics forth gr (Aggelos D. Keromitis)
Date: Thu, 14 Apr 1994 17:08:31 +0300


In message <9404140442.AA22725 () Princeton EDU>, Carl Corey writes:

Now, are we talking exporting writeable to everyone, or _any_ NFS exported
writeable partition?

Just NFS exported writable partition...
The whole purpose of mountd is to give the client who mounts a
 filesystem a valid filehandle of the top directory of that
 filesystem...problem is you can send NFS requests directly to the
 nfsd and try to GUESS a file handle...at that point (nfsd) there is no
 authorization check...

is this exploitable?  How would it be exploited?  Is there a way to keep
people from exploiting it (besides not exporting it)?


Well, thats what this discussion's been about so far :-)
I THOUGHT secure RPC was secure...if it was using the algorithms 
 correct, it should be....as it seems, a poor implementation blew this
 up...
-Aggelos

Current thread:

Re: NFS exporting, (continued)
- - - Re: NFS exporting Perry E. Metzger (Apr 13)
    - Re: NFS exporting Michael Neuman (Apr 13)
    - Re: NFS exporting Perry E. Metzger (Apr 14)
    - Re: NFS exporting Paul Graham (Apr 14)
    - Re: NFS exporting Perry E. Metzger (Apr 15)
- Re: NFS exporting smb () research att com (Apr 13)
- Re: NFS exporting Carl Corey (Apr 13)
  - Re: NFS exporting Perry E. Metzger (Apr 14)
    - Re: NFS exporting Rob Quinn (Apr 14)
    - Re: NFS exporting Perry E. Metzger (Apr 14)
  - Re: NFS exporting Aggelos D. Keromitis (Apr 14)
- Re: NFS exporting smb () research att com (Apr 14)
  - Re: NFS exporting Steve Simmons (Apr 14)
- Re: NFS exporting smb () research att com (Apr 14)
  - Re: NFS exporting Perry E. Metzger (Apr 14)