On Tue, 10 Nov 1998 00:07:20 EST, Brian Atkins brian@posthuman.com wrote:
This does not make a lot of sense to me.. I mean, if some user on the client has hacked root, then game over man. Who cares past that. Of course they can su to some user and mess with their files, root can do just about anything.
What I want and need to know when designing our nfs system is whether a normal non-root user, _without hacking root_, can do any shenanigans via or to nfs. Basically, is adding properly configured nfs to an already secure system going to be ok or not ok, and if not ok what can be done about it?
I think the premise you offer isn't worth taking as a "given." You can't assume people won't hack root. It's too easy. It's easy not because you run your UNIX systems so badly -- for I have no idea -- but because it's probably easy to drop a Linux system on the wire. Or someone can do some evil DNS packet injection. Or someone can write some funky NFS code on a PC to spoof UIDs, etc.
Unfortunately, I think all this means you can have NFS or security but you can't have both. Or maybe a better conclusion is that this state of affairs is acceptable, but we should not consider it air-tight, even with the best of our efforts.