Bugtraq mailing list archives

Re: NFS exporting


From: kermit () ics forth gr (Aggelos D. Keromitis)
Date: Thu, 14 Apr 1994 02:03:49 +0300


In message <9404131739.AA26622 () snark imsi com>, "Perry E. Metzger" writes:

Secure rpc buys you only a little bit -- it requires a bit of skill
to break it, but it will doubtless be easy to break when someone
posts a cracking script to the net sometime.


Well, this depends on what kind of RPC protection you're using; Un*x
is weak (non-existent). However, the one based on DES is adequate
against the everyday cracker. What it does is: in the NIS (YP) server,
a file is kept (/etc/publickey) which contains a secret key...when you
login via rlogin/rsh and give a password, the local NFS client
generates a temporary secret/public key, while the server does the
same. Then the two create temporary random 56-bit keys which they
exchange securely (public key cryptography)...then they use DES with
the exchanged key as the encryption key...now, DES is considered
secure enough for everyday use (keep in mind though that with 1
million $ one can build a machine that "cracks" the DES algorithm
FAST...this means you won't keep NSA out :) Also worth mentioning here is that
the whole protocol uses timestamps, so a replay-attack is not possible

The only problems with these are that you have to have SunOS 4.0 and
up, and run keyserv on all NFS-using systems. There are a couple of
other (minor) problems...read the man pages for those...So, I'd say
secure rpc is going to do more than delay the cracker...but if it was
IDEA and not DES, I'd be much happier...You might also have problems
finding DES if you're out of the US (general comment here).

As for NFS in general, it's useless. As soon as you export an NFS
partition to the net (at least if you export it writable), you can
kiss your machine goodbye. Among other nasty tricks, even without the
mountd giving you any information on the host you can just flood the
machine with unlink requests or guess inode generation numbers or
other such things. NFS is a hunk of junk.

Well, this is more or less true...mountd can be circumvented (hope I
got this right) and one can send direct rpc/nfs requests to the
nfsd...the hard part is actually guessing a valid file handle (32 byte
number!).  I have read in some documents that regular use of fsirand,
a program which supposedly assigns to each file/dir a unique file
handle, greatly reduces chances of a wild guess...never used it, never
even checked its existence :)

However (personal opinion), I believe that if you set up your exports
right and use DES authentication you should be ok...NFS offers much
and security considerations should not be a problem, unless you plan
on putting top-secret data on the filesystems to be exported...
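The Secure RPC exchange sketched in the message above, as an added toy model written for this archive page (it is not code from the original mail or from Sun's implementation): each host has a Diffie-Hellman secret/public pair, the two derive a common key, the client passes a temporary 56-bit conversation key under it, and the server checks an encrypted timestamp so a captured request cannot simply be replayed. The group parameters, the five-second window, and the XOR keystream standing in for DES are assumptions made to keep the model self-contained.

```python
import hashlib
import os
import struct

# Constructed toy Diffie-Hellman parameters; real Secure RPC used a 192-bit modulus
# and took 56 bits of the shared secret as a DES key.
P = (1 << 127) - 1          # Mersenne prime, fine for a demonstration
G = 3
WINDOW = 5                  # seconds a timestamp may be stale (assumed value)

def keypair():
    """Per-host secret/public pair, like the entries keyserv works with."""
    secret = int.from_bytes(os.urandom(16), "big") % P
    return secret, pow(G, secret, P)

def common_key(my_secret, peer_public):
    """DH common key; hashed so both sides derive the same 56-bit key."""
    shared = pow(peer_public, my_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()[:7]   # 56 bits, as DES

def crypt(key, data):
    """Stand-in for DES (XOR with a hash-derived keystream), NOT real DES."""
    stream = hashlib.sha256(key).digest()
    return bytes(b ^ stream[i % len(stream)] for i, b in enumerate(data))

def client_request(client_secret, server_public, now):
    """Client side: a fresh conversation key wrapped under the common key,
    plus the current time encrypted under that conversation key."""
    conv_key = os.urandom(7)                                    # temporary 56-bit key
    ck = common_key(client_secret, server_public)
    return {"conv_key": crypt(ck, conv_key),
            "timestamp": crypt(conv_key, struct.pack(">Q", now))}

class Server:
    def __init__(self, secret):
        self.secret = secret
        self.last_ts = {}       # highest timestamp accepted per client public key

    def verify(self, client_public, request, now):
        """Accept only a fresh and strictly newer timestamp: stale and replayed
        requests are refused, which is what the timestamps in the protocol buy."""
        conv_key = crypt(common_key(self.secret, client_public), request["conv_key"])
        ts, = struct.unpack(">Q", crypt(conv_key, request["timestamp"]))
        if abs(now - ts) > WINDOW:              # outside the freshness window
            return False
        if ts <= self.last_ts.get(client_public, -1):   # replay or reordered
            return False
        self.last_ts[client_public] = ts
        return True
```

A request built with a secret other than the client's decrypts to garbage on the server, so the timestamp check fails without the server needing a separate password step.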


