Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1994: Re: NFS exporting

Re: NFS exporting

Aggelos D. Keromitis (kermitics.forth.gr)
Thu, 14 Apr 1994 17:08:31 +0300

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Rob Quinn: "Re: NFS exporting"
Previous message: smbresearch.att.com: "Re: NFS exporting"
In reply to: Carl Corey: "Re: NFS exporting"
Next in thread: smbresearch.att.com: "Re: NFS exporting"

In message <9404140442.AA22725Princeton.EDU>, Carl Corey writes:
>Now, are we talking exporting writeable to everyone, or _any_ NFS exported
>writeable partition?
>
Just NFS exported writable partition...
The whole purpose of mountd is to give the client who mounts a
 filesystem a valid filehandle of the top directory of that
 filesystem...problem is you can send NFS requests directly to the
 nfsd and try to GUESS a file handle...at that point (nfsd) there is no
 authorization check...

>is this exploitable?  How would it be exploited?  Is there a way to keep
>people from exploiting it (besides not exporting it)?

Well, thats what this discussion's been about so far :-)
I THOUGHT secure RPC was secure...if it was using the algorithms 
 correct, it should be....as it seems, a poor implementation blew this
 up...
-Aggelos

Next message: Rob Quinn: "Re: NFS exporting"
Previous message: smbresearch.att.com: "Re: NFS exporting"
In reply to: Carl Corey: "Re: NFS exporting"
Next in thread: smbresearch.att.com: "Re: NFS exporting"