Bugtraq mailing list archives
Re: R. Thomas's NFS question
From: il1 () dsroc6 dsdoe ornl gov (Dave Dillow)
Date: Wed, 10 May 1995 09:13:19 -0400
From: PETER.T.WHITING () sprint sprint com Subject: R. Thomas's NFS question Sender: owner-bugtraq () fc net Content-Length: 907 R. Thomas> hostA --> exports /usr/share to -access=hostB R. Thomas> hostB --> a linux box. re-exports /usr/share to everyone R. Thamas> hostC --> not implicitly trusted by hostA, mounts /usr/share R. Thomas> aside from any security concerns, this would certainly R. Thomas> thrash your nfsd's. does anyone have any experience R. Thomas> with this? i have only recently discovered this, and R. Thomas> have not had time to peruse it in depth. Not a problem. Host C gets to look at ***HostB's*** /usr/share - the one that has HostA's /usr/share mounted over it, not HostA's /usr/share. NFS gives you a single hop. In the above example HostA could then mount (if perms were granted) HostC's /usr/share and everything would work. pete Peter T. Whiting [snip] End of excerpt.... After reading the man page for nfsd on a Linux box, I have to agree with Mr. Thomas. The man page even makes reference to using this feature to function as a NFS multiplier, whatever that may be.... Anyway, the security concern raised by Mr. Thomas is valid. Mr. Whiting is correct in that most of the nfsd's I know about do not behave this way, and I belive Linux's can, by simply not specifing '-r' on the command line. I have not tried this, and I may be wrong, so it is worth a check yourself. Dave Dillow il1 () ornl gov dillow () cs utk edu
Current thread:
- Re: R. Thomas's NFS question robert owen thomas (May 09)
- Re: R. Thomas's NFS question Yossi Gottlieb (May 09)
- Re: R. Thomas's NFS question Aleph One (May 10)
- <Possible follow-ups>
- Re: R. Thomas's NFS question andy () btc uwe ac uk (May 10)
- Re: R. Thomas's NFS question Dave Dillow (May 10)
- Re: R. Thomas's NFS question robert owen thomas (May 11)