From owner-freebsd-security  Fri Nov 15 07:19:32 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id HAA19807
          for security-outgoing; Fri, 15 Nov 1996 07:19:32 -0800 (PST)
Received: from pluscom.cronyx.ru (gw.rinet.ru [194.87.171.65])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id HAA19764
          for <freebsd-security@freebsd.org>; Fri, 15 Nov 1996 07:18:28 -0800 (PST)
Received: by pluscom.cronyx.ru id SAA07972;
  (8.6.11/vak/1.9) Fri, 15 Nov 1996 18:16:53 +0300
Date: Fri, 15 Nov 1996 18:16:53 +0300
From: marck@pluscom.cronyx.ru (Dmitry Morozovsky)
Message-Id: <199611151516.SAA07972@pluscom.cronyx.ru>
To: freebsd-security@freebsd.org
Subject: Re: NFS Server, is it secure?
Newsgroups: freebsd.security
X-Newsreader: TIN [version 1.2 PL2]
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Mark Newton wrote:

> Well, yes -- NFS is basically never "secure" on any platform.  The
> NFS protocol was never designed with security in mind.

> If you know (or can guess) the NFS filehandle for an NFS filesystem
> root then you can spoof the protocol for a start.  

> Firewall your NFS server:  Its services should not be reachable from
> the Internet-at-large.

Is NFS server with no exports with write permissions vulnerable too?

--

Sincerely,
D.Marck
========================================================================
=== D.Marck --- Dmitry Morozovsky --- marck@rinet.ru --- Wild Woozle ===
========================================================================