Re: NFS Security Question

From: Darren Moffat (Darren.Moffat@eng.sun.com)
Date: 08/15/01 

Message-Id: <200108150120.f7F1KrB313927@jurassic.eng.sun.com>
Date: Tue, 14 Aug 2001 18:20:21 -0700 (PDT)
From: Darren Moffat <Darren.Moffat@eng.sun.com>
Subject: Re: NFS Security Question
To: ryan@securityfocus.com

>On Tue, 14 Aug 2001, Darren Moffat wrote:
>
>> The only solution in this case is to use NFS with RPC security stronger
>> than AUTH_SYS as described in my previous replies - this is exactly the
>> case they were invented and implemented for.
>
>I'm failing to grok something here, or perhaps I'm being too much of a
>stickler.
>
>If I'm sitting in front of my desktop Sparc, I can always get root. If
>nothing else, Mudge's trick of doing a stop-A, and changing the process
>structure in memory do my UID is 0 will do it quickly. I don't think

Assuming there is no eeprom password (and assuming you don't know it)
set yes that will always get you UID 0.

>there is anything you can do to keep me from getting root on the box in
>front of me eventually, short of firing for policy violation, etc..
>besides, I think the original poster said the guy is allowed to have root,
>no?

The original poster did yes - hence the problem.

root on your machine doesn't translate to root on the NFS server since

This also assumes that Bob's sensitive files aren't world read able.

Being root on the NFS client makes you "nobody" on the NFS server. If
you "su -c bob" as root you didn't get bob's Secure RPC key or Kerberos
credentials loaded so you won't be able to authenticate to the NFS server
as Bob and will instead end up as nobody again (at best).

>Anyway... All I have to do is invite Bob to log into my box, and his drive
>mounts automatically, and I CD to it, because I'm root, yes?

If you can get Bob to log into your box and get his secure rpc key
loaded into keyserv, yes and there is nothing we can do to protect
against that if you have physical access or full root access to machine
you have full access to any user creds that get stored on there.

I'll need to refresh my memory on how this impacts Kerberos but I believe
it is also vulnerable since even if bob used a kerberized telnet/rlogin
to get to your box there is still a ticket stored in the cred cache.

But if you have that level of access to the machine and can convince Bob
to login to it it would be much easier just to install a fake login
program and capture his password and then do the dirty deed on his own
machine when he has left his office (or remotely). 

--
Darren J Moffat

Relevant Pages

  • Re: NFS Security Question
    ... Subject: NFS Security Question ... however you can always su to bob and get permission to his sensitive ... There is no need to have root on the mount in this case to accomplish the ... >> mounts automatically, and I CD to it, because I'm root, yes? ...
    (Focus-SUN)
  • Re: NFS Security Question
    ... Subject: NFS Security Question ... >> and su to bob to cd into his directory if its available to this machine. ... > that, of course, I get to play all the tricks that root can play. ... NFS protocol (NFS requests will claim to be that uid). ...
    (Focus-SUN)
  • NFS Security Question
    ... Subject: NFS Security Question ... I have been looking for information on securing NFS with respect to root su ... in as "bob" and has all the permissions associated with the "bob" ...
    (Focus-SUN)
  • Re: block root access to NFS mount
    ... I need to give root access to an NFS client host machine, ... Often this also means that root may not even access the nfs filesystem ...
    (Fedora)
  • Re: Problem setting up NFS on Ubuntu
    ... I have installed Ubuntu ... > I used System - Administration - Synaptic Package Manager to include NFS ... Should I be using the GUI, and if so, how do I do that as root, ... and doesn't change the permissions displayed by ls -l ...
    (comp.os.linux.setup)