Re: nfs_mount in AIX

jfhrpp386.cactus.org

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Colin Jenkins: "Need "Good Times" "virus" info"
• Previous message: Albert Lunde: "Same rumor, does nothing but waste our time..."
• In reply to: Tom Fitzgerald: "Re: nfs_mount in AIX"
• Next in thread: der Mouse: "Re: nfs_mount in AIX"

> Here's a little additional information.....  the nfs_mount routine does its
> work through the vmount() system call, which is documented.  If this is a
> security hole at all, then it's because it would let an attacker mount a
> remote filesystem under his control onto a world-readable directory like
> /tmp or /var/preserve, and thereby grab a copy of everything that was
> written to that directory.  Anybody want to write a test program?
> 
> nfs_mount is in librpcsvc.a, but offers nothing beyond what vmount() gives
> (since it's just a subroutine anyway) aside from a simpler interface.

Each VFS type has its own mount functionality.  So permission to mount
is potentially handled differently for each VFS.  Just because the bug
exists in NFS doesn't mean it exists for JFS (it doesn't, I looked ;-)

I have passed this on to the NFS folks and gotten a commitment to do a
bug fix.  I'll pass this concern along to the rest of the filesystem
people so that the LFS people are aware that a more global problem may
exists WRT non-NFS, non-JFS mounts.
-- 
John F. Haugh II  [ NRA-ILA ] [ Kill Barney ] !'s: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 251-2151 [GOP][DoF #17][PADI][ENTJ]   's: jfhrpp386.cactus.org

• Next message: Colin Jenkins: "Need "Good Times" "virus" info"
• Previous message: Albert Lunde: "Same rumor, does nothing but waste our time..."
• In reply to: Tom Fitzgerald: "Re: nfs_mount in AIX"
• Next in thread: der Mouse: "Re: nfs_mount in AIX"