NFS security

[Stephen X. Nahm]

In article <126 at leibniz.UUCP> tpc at leibniz.UUCP (Tom Chmara) writes:
>                                                The speaker was not
>overly clear about what the hole was, but he smugly assured me that
>he could do much as he pleased if I were to allow him NFS access from
>a machine on which he was root.  Is this a problem with NFS, or
>with the HP or Apollo versions of NFS?

The security problems of NFS are well-known.  rlogin has a similar hole.

For most of its life, NFS has had only one kind of method of authenticating the
user.  It is called UNIX authentication, and it uses uids and gids to identify
the user, but there is no way for the server machine to *verify* that the user
has passed a valid uid.  If the user can be root on his machine, he or she can
then 'su' to any other user he or she pleases to become.

A new authentication method was introduced in SunOS 4.0:  DES authentication.
With this method, a network-wide identifier is constructed for each user, and a
password is associated with that identifier.  A user must know the password to
be allowed to use a particular network-wide identifier.  On a UNIX server, the
identifier is translated into a uid.

DES stands for Data Encryption Standard, and is used to encode a verifier
that the server uses to verify the identity.  Please refer to RFC1050 for
further details on DES Authentication in Sun's RPC.

Most companies that support NFS will support DES authentication in
the near future.

Steve Nahm
Portable NFS/ONC
Sun Microsystems
Steve Nahm                              sxn at sun.COM or sun!sxn