NFS Security: a summary

[Nathaniel Mishkin]

In article <13457 at mimsy.UUCP> chris at mimsy.UUCP (Chris Torek) writes:
>In article <43200038 at uicsrd.csrd.uiuc.edu> kai at uicsrd.csrd.uiuc.edu writes:
>>I haven't seen anyone mention ANY security problems involving NFS that don't
>>require you already have the keys to the kingdom.  [root access somewhere]
>
>If you have a workstation on your desk, you have root access to that
>workstation.  It may take a while to break in, but if I have physical
>access to your machines, I have root access to your machines.  It is
>as simple as that (which may not be simple!).

Not even to mention an IBM PC that supports UDP/IP.  Bring up SUN RPC
and start making those NFS requests with the uid of your choice.  Even
simpler, you could just start with PC/NFS.  (Yes, I know how glassy my
house is too.)  Ah, what a fool's paradise we're all living in.  I'm
waiting for some Chernobyl of computer security to hit before people wake
up to the exposure.  "Oh, but I *trust* all those machines in my network."
Hmmph.  If you have more than 10, you just can't.

-- 
                    -- Nat Mishkin
                       Apollo Computer Inc., Chelmsford, MA
                       mishkin at apollo.com