[ale] NFS

Neil Bright ncb at cc.gatech.edu
Tue Jun 22 08:15:29 EDT 1999


Dow Hurst wrote the following:
 
> You have to specify root access on the mounted drive, which
> is dangerous to security, if your scripts run as root.

The problem is actually _much_ worse than that - if you don't trust
the other machines on your network.

For instance:

+---+      NFS     +---+
| A |<------------>| B |
+---+              +---+

A is exporting (via NFS) some stuff that B mounts.  The NFS server
(A) trusts that the client (B) has the same UID to user mapping.
(Yes, you can run a daemon to change UID mappings to sync the
client and server, but we'll ignore that for now.)

So, let's assume that an attacker manages to get root on B.  They
can simply 'su' to another userid and mount files from A as that
user.

The moral of the story: make sure that you know what is on your
network, and block NFS at your firewall.

> Check the manpage for an example.  Should be something like
> this:
> In /etc/exports or Linux equivalent on the CLIENT:
> 
> /foo/home  rw=server.foo.bar:server2.foo.bar\
>              access=server.foo.bar:server2.foo.bar\
>                 root=server.foo.bar

I have to disagree a little bit here.  The /etc/exports file
needs to be on the server ('A' above) and would look like this:

/foo/home	client.foo.bar(rw) client2.foo.bar(rw)\
		trusted.foo.bar(rw,no_root_squash)\
		@some-yp-map(ro)

This would export /foo/home from A, granting read/write access
to client and client2.  It also lets root on trusted modify files
as root on /foo/home.  The last line grants read-only access
to all machines in the YP (NIS) map some-yp-map.
 
+============ 24 68 BF F6 0E 73 53 47 80 E9 27 7D F9 35 58 4B ============+
 Neil Bright              ncb at cc.gatech.edu            IHPCL administrator
 (404) 385-0448                                       College of Computing
 http://www.cc.gatech.edu/projects/ihpcl   Georgia Institute of Technology
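
An added example, not part of the original message: a small audit of a Linux-style /etc/exports that flags the trust issues discussed above (no_root_squash, writable exports that rely on client-supplied UIDs, and read/write grants to netgroups or wildcards). The sample file and the finding names are constructed for illustration, and it assumes plain UID-trusting NFS as described in the message, with unquoted paths.

```python
import re

# Constructed sample in Linux exports(5) syntax, modelled on the message's example.
SAMPLE = r"""
/foo/home  client.foo.bar(rw) client2.foo.bar(rw)\
           trusted.foo.bar(rw,no_root_squash)\
           @some-yp-map(ro)
/pub       *(ro)
/scratch   *.foo.bar(rw,no_root_squash)
"""

ENTRY = re.compile(r"^([^\s(]*)(?:\(([^)]*)\))?$")   # host, optional (opt,opt,...)

def parse_exports(text):
    """Yield (path, client, options) for each client entry of each export line."""
    text = re.sub(r"\\\n", " ", text)                 # join backslash-continued lines
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()        # drop comments, split on blanks
        for entry in fields[1:]:
            m = ENTRY.match(entry)
            if m:
                opts = {o for o in (m.group(2) or "").split(",") if o}
                yield fields[0], m.group(1) or "*", opts   # empty host = everyone

def audit(text):
    """Return (path, client, finding) tuples for the trust issues in the thread."""
    findings = []
    for path, host, opts in parse_exports(text):
        broad = host.startswith("@") or any(c in host for c in "*?/")
        if "no_root_squash" in opts:                  # client root is root on the export
            findings.append((path, host, "no_root_squash"))
        if "rw" in opts and "all_squash" not in opts: # client root can su to any UID
            findings.append((path, host, "uid_trust"))
        if "rw" in opts and broad:                    # writable by a whole group or net
            findings.append((path, host, "broad_rw"))
    return findings

if __name__ == "__main__":
    for path, host, finding in audit(SAMPLE):
        print(f"{path:10} {host:18} {finding}")
```

Every rw entry is reported as uid_trust because root_squash only remaps UID 0; root on the client can still switch to any other UID before touching the export.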





