From owner-freebsd-security Thu Apr 2 02:57:38 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id CAA19997 for freebsd-security-outgoing; Thu, 2 Apr 1998 02:57:38 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from newserv.urc.ac.ru (newserv.urc.ac.ru [193.233.85.48]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id CAA19970 for ; Thu, 2 Apr 1998 02:57:06 -0800 (PST) (envelope-from anton@urc.ac.ru) Received: from urc.ac.ru (Belle.urc.ac.ru [193.233.85.55]) by newserv.urc.ac.ru (8.8.8/8.8.8) with ESMTP id QAA04588 for ; Thu, 2 Apr 1998 16:56:19 +0600 (ESS) (envelope-from anton@urc.ac.ru) Message-ID: <35236ED3.E90D12AD@urc.ac.ru> Date: Thu, 02 Apr 1998 16:56:19 +0600 From: Anton Voronin Organization: URC FREEnet X-Mailer: Mozilla 4.04 [ru] (X11; I; FreeBSD 2.2.5-STABLE i386) MIME-Version: 1.0 To: freebsd-security@FreeBSD.ORG Subject: Is there a safe way for filesystem export? Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk Greetings, I have an application server working under 2.2-STABLE which also exports filesystems for workstations which boot by means of netboot from their local DOS-partition. They do not have local unix partitions, except swap, /tmp and /var/tmp partitions. If the user simply cracks BIOS and boots from FreeBSD diskette, he can mount a partition from the server which is exported for read/write and not mapping root to nobody, and, say, place there a setuid file that runs shell. Is there a possibility to authenticate NFS client not only by its IP-address but by some more secure way? Or could it be a subject for further development (if it is not limited by NFS principals)? -- Anton Voronin | Ural Regional Center of FREEnet, | Southern Ural University, Chelyabinsk, Russia http://www.urc.ac.ru/~anton | Student / programmer / system administrator To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message