NFS security
Shankar Unni
shankar at hpclscu.HP.COM
Mon Aug 15 10:36:54 AEST 1988
> removing files from a r-w directory etc). The speaker was not
> overly clear about what the hole was, but he smugly assured me that
> he could do much as he pleased if I were to allow him NFS access from
> a machine on which he was root. Is this a problem with NFS, or
> with the HP or Apollo versions of NFS?
Normally, root on a machine (say, A) which NFS-mounts file systems from
another machine (say, B) gets the uid -2 on machine B. He (/she/it) thus
cannot do much damage on B.
However, there is a configurable option to let root on A get a uid of 0
(or anything other than -2) on B. Then of course you're playing with
fire...
--
Shankar Unni.
Hewlett-Packard.
More information about the Comp.unix.wizards
mailing list