NFS security


John B. Nagle (jbn@glacier.stanford.edu)
Mon, 6 Apr 87 22:43:47 MST


       Quit worrying about "rwall". All one can do with that is annoy
people. Worry about Sun NFS and Berkeley RLOGIN, both of which assume
that hosts are "good guys". Consider the following:

     If you have the means to impersonate any host by setting an interesting
number in your source IP address, and can see the replies coming back,
you can access any remotely accessable file on any NFS server. If you are
on the same LAN, this is trivial; otherwise it may take some eavesdropping
or gateway tampering to bring it off. Note, by the way, that large networks
constructed with low-level bridges are especially vulnerable to this type
of attack. (This is not to be construed as an argument that IP routers
provide some kind of security). With the advent of PC-based NFS clients,
NFS break-in can be accomplished with low-cost hardware and requires minimal
technical sophistication.

      NFS is useful. NFS is clever. NFS is efficient. NFS works. NFS
has security holes though which one could drive an armored division. Don't
blame Bill Joy; he's the one who insisted that SUN machines have sockets for
DES chips. However, DoD's export controls on cryptographic equipment
discourage the use of crypto hardware in commercial equipment. So the
socket is invariably empty. DoD has shot itself in the foot on this one.

                                        John Nagle



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:38:06 GMT