- Newsgroups: comp.sys.sun.admin
- Path: sparky!uunet!grebyn!daily!mfraioli
- From: mfraioli@grebyn.com (Marc Fraioli)
- Subject: NFS security bug exporting to more than 10 hosts?
- Message-ID: <1992Nov11.221618.23528@grebyn.com>
- Organization: Grebyn Timesharing
- Date: Wed, 11 Nov 1992 22:16:18 GMT
- Lines: 21
-
- Hi all-
-
- In looking through the book 'A Nutshell Guide to Unix security',
- I ran across a statement to the effect that one should never export a
- directory to more than 10 hosts/netgroups, with no explanation of why
- this would be so. Doing an experiment in our lab, I discover that on
- two different Sun machines, an IPC running 4.1.3, and a 4/490 running
- 4.1.2, if I list more than 10 hosts after a directory name in
- /etc/exports, then ANYBODY can mount that directory, no matter who they
- are! Then, I tried making a netgroup to get the number of items in
- /etc/exports below 10, and I find that if a netgroup is listed in
- /etc/exports, then again, ANYBODY can mount that directory! This is a
- gargantuan security hole, obviously. So, I then tried it on some
- DECstation 5000s running Ultrix 4.2a and found that they, too, have the
- bug where if a directory is exported to a netgroup, anybody can mount
- it. However, you can list as many hosts as you want (i.e. > 10), without
- the bug occurring, so that hole seems to be Sun only. Does anybody know
- anything about this? Is there a patch?
- --
- Marc Fraioli
- mfraioli@grebyn.com (So I'm a minimalist...)
-
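An added example, not part of the original post: a small audit script that flags /etc/exports entries matching the two conditions the poster reports (more than 10 names in an access list, or a netgroup in it). It assumes the SunOS 4.x `-access=host:host` option syntax; the sample file, the netgroup set and the function names are constructed for illustration.

```python
HOST_LIMIT = 10  # threshold reported in the post

# Constructed sample input, not taken from the post.
SAMPLE_EXPORTS = """\
# directory    options
/export/home   -access=h01:h02:h03:h04:h05:h06:h07:h08:h09:h10:h11
/export/src    -ro,access=engineering
/export/tools  -access=alpha:beta,root=alpha
"""
# Assumption: netgroup names are supplied by the caller, e.g. the first
# field of each /etc/netgroup line or the keys of the NIS netgroup map.
SAMPLE_NETGROUPS = {"engineering"}


def parse_exports(text):
    """Yield (directory, access_entries) for each exports line."""
    text = text.replace("\\\n", " ")  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        entries = []
        for field in fields[1:]:
            for opt in field.lstrip("-").split(","):
                if opt.startswith("access="):
                    entries += [c for c in opt[len("access="):].split(":") if c]
        yield fields[0], entries


def audit_exports(text, netgroups):
    """Return (directory, reason) pairs for lines matching either condition.

    Lines without an access= option are not assessed here.
    """
    findings = []
    for directory, entries in parse_exports(text):
        if len(entries) > HOST_LIMIT:
            findings.append(
                (directory, f"{len(entries)} access entries (more than {HOST_LIMIT})"))
        named = sorted(set(entries) & set(netgroups))
        if named:
            findings.append((directory, "netgroup in access list: " + ", ".join(named)))
    return findings


if __name__ == "__main__":
    for directory, reason in audit_exports(SAMPLE_EXPORTS, SAMPLE_NETGROUPS):
        print(f"{directory}: {reason}")
```

A flagged line only marks an export worth testing from a host that is not in the access list; it does not by itself confirm the behaviour described in the post.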