Bugtraq mailing list archives

Re: RPC protocol problem?


From: leif () infoseek com (Leif Hedstrom)
Date: Tue, 23 Aug 1994 10:37:30 -0700


"Baba Z Buehler" writes:

I just read a post in comp.security.unix entitled "widespread security hole
in exporting of filesystems" which claims there are ways to break into a
system that has filesystems exported to itself.

People might want to use the nfsbug detector by Leendert van Doorn.  I
don't know if it's in the PD, but it will test an NFS server for several
(known) security holes.

Output from it might look like:

% ./nfsbug -h barth.somewhere.com
MOUNTABLE FILE SYSTEM bart.somewhere.com:/home/bart1 (via portmapper)
MOUNTABLE FILE SYSTEM bart.somewhere.com:/home/bart2 (via portmapper)
MOUNTABLE FILE SYSTEM bart.somewhere.com:/home/bart3 (via portmapper)
MOUNTABLE FILE SYSTEM bart.somewhere.com:/var/mail (via portmapper)


If someone knows it's a PD thing, either post a reference for the official
FTP site, or post the shar file here. Perhaps someone knows the author
and can ask him?

-- Leif

/*
 * nfsbug.c
 *
 * Test hosts for well known NFS problems/bugs. Among these tests are:
 * find world wide exportable file systems, determine whether the
 * export list really works, determine whether we can mount file systems
 * through the portmapper, try to guess file handles, exercise the
 * mknod bug, and the uid masking bug.
 *
 * Author:
 *      Leendert van Doorn, April 1994
 *
 * TODO:
 *      - close sockets (?)
 */
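
A server-side complement to the scan output above, as an added example (not part of the original post and not nfsbug code): it audits an exports file for the two conditions the thread mentions, file systems exported to everyone and file systems exported to the server itself. The Linux exports(5) syntax, the constructed sample entries and the function name `audit_exports` are assumptions.

```python
import re

# Names that mean "this server" in a client list (own hostnames are added by the caller).
SELF_NAMES = {"localhost", "127.0.0.1", "::1"}
# One client token: optional host followed by optional "(options)".
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")

# Constructed sample in Linux exports(5) syntax (assumption; not from the post).
SAMPLE_EXPORTS = """\
# path        clients
/home/bart1   *(rw)
/home/bart2   localhost(rw) client1.somewhere.com(ro)
/home/bart3   bart.somewhere.com(rw) \\
              client1.somewhere.com(rw)
/var/mail     (rw)
/usr/local    client2.somewhere.com(ro)
"""

def audit_exports(text, own_names=()):
    """Return (path, issue, token) for world exports and exports to the server itself."""
    self_names = SELF_NAMES | {n.lower() for n in own_names}
    findings = []
    # Join backslash-continued lines, then drop comments and blank lines.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        if not clients:
            # Treated here as unrestricted (assumption): no client list at all.
            findings.append((path, "world", ""))
            continue
        for tok in clients:
            m = CLIENT_RE.match(tok)
            if not m:
                findings.append((path, "unparsed", tok))
                continue
            host = m.group(1).lower()
            if host in ("", "*"):        # anonymous client or bare wildcard
                findings.append((path, "world", tok))
            elif host in self_names:     # file system exported to itself
                findings.append((path, "self", tok))
    return findings

if __name__ == "__main__":
    for path, issue, tok in audit_exports(SAMPLE_EXPORTS, ["bart.somewhere.com"]):
        print(f"{issue.upper():8} {path:14} {tok}")
```
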


