becoming root via NFS
Jeff Beadles
jeff at onion.pdx.com
Fri Dec 21 02:00:01 AEST 1990
In article <114827 at uunet.UU.NET> rbj at uunet.UU.NET (Root Boy Jim) writes:
...
>I tried this another way. Entice someone to mount a filesystem from
>your machine. Then, as root on your own machine, do a mknod. Get onto
>the server as a regular user and access the device. But wait! Devices
>don't work across NFS! So no good there either.
...
> Root Boy Jim Cottrell <rbj at uunet.uu.net>
> Close the gap of the dark year in between
Ugh. We really don't need misinformation like this. :-)
Device files *DO* work over NFS. They are interpreted in the LOCAL machine
though, not as a part of the remote machine that they are mounted from.
This is one of the many problems with NFS (:-).
If you mount a partition from a remote machine with a kmem device file,
and 666 permissions and then LOGIN to the server and access the file,
it will access /dev/kmem ON THE SERVER.
There's the same problem with set-uid files, but there is a mount
option "nosuid" that will prevent them from being used.
IMHO, "nosuid" should also not allow remote block or character special files.
Someone (Guy Harris?) posted several months ago that they had already done
the work at their local site.
You can't just turn off all access to remote devices via NFS though.
Diskless nodes depend on it to work. (In effect, they NFS mount their
root partition from the server.)
-Jeff
--
Jeff Beadles jeff at onion.pdx.com
More information about the Comp.unix.internals
mailing list