Summary: NFS security???!

From: Stephen Harris (sweh@mpn.com)
Date: Sat Nov 04 1995 - 03:01:04 CST


Thanks for the quick responses everyone.

The answer is: It doesn't!!!!!!

There is no basic check that the DNS name resolved matches the IP number
expected. I've now successfully forged NFS mounts pretending to be
valid names from a number of sites - including those with internal-only
exporting; a site need not export to the internet - as long as it does
DNS hostname resolving it is vulnerable!

This makes NFS the biggest security hole in existence. Time to program
my Cisco routers!

rgds
Stephen (worried about security)



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:34 CDT