Date: Wed, 24 Nov 1999 12:21:57 -0500
From: "Philip R. Moyer" <pmoyer@hyperon.com>
To: Pierre Chiu <pccb@yahoo.com>
Cc: freebsd-security@freebsd.org
Subject: Re: NFS Question
Message-ID: <199911241720.JAA26910@scaup.prod.itd.earthlink.net>
In-Reply-To: Your message of "Wed, 24 Nov 1999 11:36:02 EST." <383C13F2.D3285A71@yahoo.com>
>Based on that, for every new installation, I always enter "NO" for NFS
>during installation, and comment out the NFS file system in the kernel
>and recompile it.
>
>Now, am I going too far? Or the default installation is already secure?
>I don't have the answer and need some input.

I don't think that's unreasonable at all. I never turn on NFS on any of
my installations. Like I say when I'm teaching at conferences, NFS stands
for "No Security".

(Note - the following is based on Sun's NFS implementation, not BSD's.)

The problems arise because of the authentication sequence. When you want
to mount a remote filesystem, you first connect to mountd, which
authenticates the remote connection and generates a filehandle. Then you
connect to nfsd and present the filehandle that mountd generated.
Unfortunately, the filehandles are a) sniffable, b) guessable, and c) never
regenerated (*). That means that once you have access, you *always* have
access, because you can store the valid filehandle and re-present it to
mountd later. You can also spoof portmapper into requesting a filehandle
for you, which is why your IDS/firewall/tcpdump will frequently see scans
for portmapper/sunrpc services. (The idea being that the local machine
usually has permission to mount its own filesystems, so the spoofed request
via portmapper will succeed).

* - This is an oversimplification, I realize.

Now, I haven't tried these attacks against a generic FreeBSD box (Hmmmm, he
says, eyeing the box on the floor that he's configuring) so I can't say if
the out-of-box configuration is secure. You may have answered this
yourself, though, when you said you don't need the service on your
installations. If you don't need it, it doesn't hurt to not have it.

Now I'm curious. How *does* the BSD NFS implementation work? I'll have to
go grovel around and see if it's the same as I described above.

Cheers,

Phil

Philip R. Moyer, CISSP                        V:302.235.2141
Senior Security Consultant                    F:302.996.5818
Hyperon Consulting (http://www.hyperon.com)   E:pmoyer@hyperon.com
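
The message notes that an IDS, firewall or tcpdump will frequently see scans for portmapper/sunrpc. As an added example (not part of the original e-mail), this Python script flags sources that contact port 111 on several distinct hosts in tcpdump text output; the sample lines, the addresses and the three-host threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in tcpdump's text format (documentation addresses).
SAMPLE = """\
12:21:57.100000 IP 192.0.2.10.40001 > 198.51.100.5.111: Flags [S], seq 1, win 512, length 0
12:21:57.200000 IP 192.0.2.10.40002 > 198.51.100.6.sunrpc: Flags [S], seq 2, win 512, length 0
12:21:57.300000 IP 192.0.2.10.40003 > 198.51.100.7.111: UDP, length 56
12:21:58.000000 IP 203.0.113.4.1023 > 198.51.100.5.111: UDP, length 56
12:21:58.500000 IP 203.0.113.4.1022 > 198.51.100.5.2049: UDP, length 120
12:21:59.000000 IP 198.51.100.5.111 > 192.0.2.10.40001: Flags [R.], seq 0, ack 2, win 0, length 0
"""

# "src.port > dst.port:"; the port is numeric with -n, a service name without it.
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.([\w-]+) > (\d+\.\d+\.\d+\.\d+)\.([\w-]+):"
)
PORTMAP = {"111", "sunrpc"}  # portmapper, over TCP or UDP


def portmapper_scanners(text, min_hosts=3):
    """Return {source: sorted destinations} for every source that contacted
    portmapper on at least min_hosts distinct hosts."""
    targets = defaultdict(set)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an IPv4 packet line in the expected format
        src, _sport, dst, dport = m.groups()
        # Only the destination port counts: replies *from* port 111 are ignored.
        if dport in PORTMAP:
            targets[src].add(dst)
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_hosts}


if __name__ == "__main__":
    for src, hosts in portmapper_scanners(SAMPLE).items():
        print(f"{src} probed portmapper on {len(hosts)} hosts: {', '.join(hosts)}")
```

A single client talking to portmapper on one server, like 203.0.113.4 in the sample, stays below the threshold; only the fan-out across hosts is reported.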
