Re: NFS problems

Timothy Newsham (newsham@wiliki.eng.hawaii.edu)
Sat, 26 Mar 1994 16:42:47 -1000 (HST)

> 
> Bug Trackers:
> 
> I suspect this is old stuff to many folks out there, but it is new stuff
> to me (as a result of being a victim of security through obscurity).
> A site I am associated with had its filesystems mounted by some site
> back East (we are on the West Coast) a few days ago.  One reason for
[..]

> I was also told that people could write a program to access NFS filesystems
> using the Xwindows port (whatever port that is), and defeat all the export
> limitations.  The person telling me this knows no details himself, "someone
> told him" apparently, so that tidbit is next to useless to me.

This sounds blatantly wrong.  There is a loophole that lets one bypass
export limitations *in special circumstances* by going through the
portmapper (portmapper will happily forward your request, replacing
the vital source address information with a local
address...  how to exploit is left as an exercise).


What you can do to make life a little easier on yourself is get
Wietse's portmapper which features better access control and
better logging.  This will solve some problems of people going
through the portmapper as well as help you track down other problems.
This is not a total fix, however, as any attacker can simply hunt
for the port that mountd and nfsd are on without ever talking
to the portmapper.

> pat@rwing  [If all fails, try:  rwing!pat@ole.cdac.com]  Pat Myrto - Seattle WA
> "No one has the right to destroy another person's belief by demanding
> empirical evidence."  --   Ann Landers, nationally syndicated advice columnist
> and Director at Handgun Control Inc.
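
Added example, not part of the original post and not code from Wietse's portmapper: a detection check for the forwarding behaviour described in the reply, assuming it refers to the portmapper's indirect-call procedure (PMAPPROC_CALLIT, procedure 5 of program 100000 in RFC 1057). It parses a UDP payload captured on port 111 and flags calls that ask the portmapper to forward to nfsd or mountd; the sample packets and the source address are constructed.

```python
import struct

PMAP_PROG, PMAPPROC_CALLIT = 100000, 5
# Programs whose export checks depend on the caller's source address.
SENSITIVE = {100003: "nfs", 100005: "mountd"}

def _u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated RPC message")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _skip_opaque_auth(buf, off):
    _flavor, off = _u32(buf, off)
    length, off = _u32(buf, off)
    if length > 400:  # RFC 1057 caps the auth body at 400 bytes
        raise ValueError("oversized auth body")
    return off + ((length + 3) & ~3)  # XDR pads opaque data to 4 bytes

def forwarded_target(payload):
    """Return (prog, vers, proc) if payload is a portmapper CALLIT call, else None."""
    try:
        _xid, off = _u32(payload, 0)
        msg_type, off = _u32(payload, off)
        rpcvers, off = _u32(payload, off)
        prog, off = _u32(payload, off)
        _vers, off = _u32(payload, off)
        proc, off = _u32(payload, off)
        if (msg_type, rpcvers, prog, proc) != (0, 2, PMAP_PROG, PMAPPROC_CALLIT):
            return None
        off = _skip_opaque_auth(payload, off)  # credentials
        off = _skip_opaque_auth(payload, off)  # verifier
        t_prog, off = _u32(payload, off)       # program the portmapper is asked to call
        t_vers, off = _u32(payload, off)
        t_proc, off = _u32(payload, off)
        return t_prog, t_vers, t_proc
    except ValueError:
        return None  # malformed or truncated: not a parseable CALLIT

def alert(payload, src):
    target = forwarded_target(payload)
    if target and target[0] in SENSITIVE:
        return (f"CALLIT from {src} forwarded to {SENSITIVE[target[0]]} "
                f"(prog {target[0]} v{target[1]} proc {target[2]})")
    return None

def _call(proc, body=b""):  # constructed sample: AUTH_NONE call to portmapper v2
    return struct.pack(">6I4I", 0x1234, 0, 2, PMAP_PROG, 2, proc, 0, 0, 0, 0) + body

SAMPLE_CALLIT = _call(5, struct.pack(">4I", 100005, 1, 0, 0))    # mountd NULL proc, empty args
SAMPLE_GETPORT = _call(3, struct.pack(">4I", 100005, 1, 17, 0))  # ordinary port lookup
```

As the reply notes, this only covers requests that go through the portmapper; traffic sent straight to the mountd or nfsd ports never reaches this check.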