Re: NFS exporting

perrysnark.imsi.com

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Perry E. Metzger: "Re: NFS exporting"
• Previous message: Carl Corey: "Re: NFS exporting"
• In reply to: Michael Neuman: "Re: NFS exporting"
• Next in thread: Paul Graham: "Re: NFS exporting"

Michael Neuman says:
> > There are techniques you can exploit here that make hijacking an NFS
> > partition or simply destroying it way too simple.
> 
>   Name a few Perry, that's what bugtraq is for... Generally alluding to
>   techniques is worthless.

How about...

Listening in on other people's transactions -- stealing or guessing
file handles using aquired information. (BTW, fsirand is not exactly a
cryptographic random number source.) Incidently, file handle structure
isn't exactly random, either -- have a look at whats in them.

Using forged packets (possibly source routed) to spoof mountd into
handing you file handles which you then exploit.

In systems using NIS (the Notoriously Insecure Service), you can spoof
NIS packets in order to convince kernels that you have privs you don't
have, or spoof it to convince NIS to hand you information you don't
deserve.

This is just what comes off the top of my head -- I'm sure I can come
up with more.

Opening up NFS or NIS to the net is asking for trouble.

Perry

• Next message: Perry E. Metzger: "Re: NFS exporting"
• Previous message: Carl Corey: "Re: NFS exporting"
• In reply to: Michael Neuman: "Re: NFS exporting"
• Next in thread: Paul Graham: "Re: NFS exporting"