Re: NFS exporting

[perry () snark imsi com (Perry E. Metzger)]

"Aggelos D. Keromitis" says:
> In message <9404131739.AA26622 () snark imsi com>, "Perry E. Metzger" writes:
> > Secure rpc buys you only a little bit -- it requires a bit of skill to
> > break it, but it will doubtless be easy to break when someone posts a
> > cracking script to the net sometime.
> Well, this depends on what kind of RPC protection you're using; Un*x is
>  weak (non-existant). However the one based on DES is adequate 
>  against the everyday cracker.

No it is not. The exponential key exchange is completely flawed -- it
can be broken quite easily. See the paper by LaMachia and Odlyzko. The
key exchange is a complete joke. You never even need to crack the DES
key -- you can simply extract it. As I say, this currently requires
skill, but at some point someone will doubtless point a script to do
that and then its all pretty much pointless after that.

> > As for NFS in general, its useless. As soon as you export an NFS
> > partition to the net (at least if you export it writable), you can
> > kiss your machine goodbye. Among other nasty tricks, even without the
> > mountd giving you any informaiton on the host you can just flood the
> > machine with unlink requests or guess inode generation numbers or
> > other such things. NFS is a hunk of junk.
> Well, this is more or less true...mountd can be circumvented (hope i got this
>  right) and one can send direct rpc/nfs requests to the nfsd...the hard part
>  is actually guessing a valid file handle (32 byte number!).
>  I have read in some documents that regular use of fsirand, a program which
>  supposedly assigns to each file/dir a unique file handle, greatly reduces
>  chances of a wild guess...

There are techniques you can exploit here that make hijacking an NFS
partition or simply destroying it way too simple.

Perry