Bugtraq mailing list archives
Re: CERT, about NFS
From: bicknell () csugrad cs vt edu (Leo Bicknell)
Date: Thu, 22 Dec 1994 10:59:54 -0500 (EST)
1. Do *not* self-reference an NFS server in its own exports file. 2. Do not allow the exports file to contain a "localhost" entry.Anyone know why these are recommended? As far as I can see, if your portmapper doesn't do proxy calls and/or you firewall out port 111, and you don't care about local attacks, neither C.1 nor C.2 will buy you anything further. Am I missing something, or are these bits of advice simply there for people who don't do A and B?
I recall an old bug (possibly in a CERT advisory) about NFS and exporting to localhost. I can't remember what it is off the top of my head, and I'm not at school to look it up, but I think it was something along the lines of if you mounted a filesystem to localhost permissions were no longer checked for some reason. Of course, if you don't worry about local attacks it's not a problem, but many of us do. Someone with easy access to CERT advisories might want to look back a year or so and see waht all the "localhost NFS bug" entailed.
Current thread:
- CERT, about NFS der Mouse (Dec 21)
- Re: CERT, about NFS John Hawkinson (Dec 21)
- Re: CERT, about NFS Jim Duncan (Dec 21)
- Re: CERT, about NFS Scott Schwartz (Dec 21)
- Bugtraq reorganization notes Kevin at Freeside Support (Dec 21)
- Re: CERT, about NFS Leo Bicknell (Dec 22)
- Re: CERT, about NFS Oliver Friedrichs (Dec 22)
- (fwd) HP-UX 9.x: /usr/lib/expreserve creates files anywhere (fwd) Paul 'Shag' Walmsley (Dec 22)
- Re: CERT, about NFS Chris Ellwood (Dec 22)
- Re: CERT, about NFS Paul 'Shag' Walmsley (Dec 22)
- <Possible follow-ups>
- Re: CERT, about NFS Dave Mitchell (Dec 22)
- Re: CERT, about NFS Steinar Haug (Dec 22)
- Re: CERT, about NFS Bela Lubkin (Dec 22)
- Re: CERT, about NFS der Mouse (Dec 22)
- Re: CERT, about NFS Scott Schwartz (Dec 22)
- Re: CERT, about NFS phil servita (Dec 22)