Full Disclosure mailing list archives
Diskless Bastions & NFS; How secure is NFS (on Linux) rated?
From: "Steve Wray" <steve.wray () paradise net nz>
Date: Fri, 21 Feb 2003 11:50:27 +1300
Hello to the list! I have recently been experimenting with a diskless, network booting bastion with root over NFS. One advantage I have found is that Host-based IDS can be run on the NFS server not the bastion. This means that filesystem changes made by an intruder can be spotted, and reversed, remotely. The HIDS database & processes are shielded from the attacker. The attacker won't even know its being performed until their root kit is mysteriously deleted (for example). My question for the list is, naturally, How secure is (Linux) NFS rated? The bastion must mount its root filesystem thus; /vol/bastion bastion(rw,no_root_squash) which raises the spectre of a remote NFS root exploit. How robust is no_root_squash? Is it possible that a bug could exist in NFS which would allow the lack of root squashing to propagate out of the directory which is thus exported? (assuming that there are no symlinks in the exported directory structure which link out of it). Thanks! _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Hackers View Visa/MasterCard Accounts futureshoks (Feb 18)
- <Possible follow-ups>
- Re: Hackers View Visa/MasterCard Accounts remember-handsworth (Feb 18)
- RE: Hackers View Visa/MasterCard Accounts John . Airey (Feb 19)
- RE: Hackers View Visa/MasterCard Accounts David Barnett (Feb 19)
- RE: Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 19)
- Re: Hackers View Visa/MasterCard Accounts Georgi Guninski (Feb 19)
- Diskless Bastions & NFS; How secure is NFS (on Linux) rated? Steve Wray (Feb 20)
- RE: Hackers View Visa/MasterCard Accounts Bernie, CTA (Feb 19)
- RE: Hackers View Visa/MasterCard Accounts Jason Coombs (Feb 19)