Dear Steinar,

> nfs-kernel-server is part of nfs-utils. Again: nfs-utils only contains the
> userspace part, which has no say in this.

One of us is confused. Checking:

$ dpkg -I nfs-kernel-server_1.0.6-3.1_i386.deb
...
 Description: Kernel NFS server support
...
$ dpkg -c nfs-kernel-server_1.0.6-3.1_i386.deb
...
-rwxr-xr-x root/root      2356 2003-08-04 11:38:55 ./etc/init.d/nfs-kernel-server
-rw-r--r-- root/root       114 2005-01-05 23:38:17 ./etc/exports
...
-rwxr-xr-x root/root     35928 2005-01-05 23:44:03 ./usr/sbin/exportfs
-rwxr-xr-x root/root     60280 2005-01-05 23:44:03 ./usr/sbin/rpc.mountd
-rwxr-xr-x root/root      5148 2005-01-05 23:44:03 ./usr/sbin/rpc.nfsd
...

Squash is set in /etc/exports, I think /etc/exports is used by mountd;
surely it is all done here?

> Assuming a combination of all of:
>
> 1. You have a compromised machine which you trust.

Do not trust. Full trust would not need root_squash.

> 2. You are exporting file systems which are not set to nosuid, read-write.

Whether suid or not on the NFS client is irrelevant. You could protect by,
on the NFS exporter, mount nosuid the filesystem containing the exported
directory. Now supposing this contains user home directories, you will want
to export read/write; you will want to mount suid on the NFS client, and if
you allow user logins to the server also then will want suid there also.

(I note that if you always mount nosuid those filesystems that contain
read/write exported directories, then you may not need root_squash at all.)

> 3. You have /usr/local/* in your path (note that it's not in root's path by
>    default, so you cannot easily make root run these; and if you have root
>    on a compromised machine, you can just as well make suid files pointing
>    to _any_ user, and then trojanize their home directory or whatever, so
>    being gid=staff really won't help you much).

Kindly test on a Debian machine. The presence of /usr/local/bin in root's
PATH is mandated by policy. My original bug report #299007 (in more innocent
times) was exactly about that PATH setting.

> 4. You can login on the NFS server.
>
> This is not an impossible combination, but it's not a gaping security hole
> either.

My exact situation: my home directory is exported from a server (read/write
and suid everywhere), with user login access to the server also. Gaping.

Cheers,

Paul Szabo   [EMAIL PROTECTED]   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney   Australia
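
Added example, not part of the original message: a Python check for the combination discussed above, listing read-write exports (without all_squash) whose server-side filesystem is not mounted nosuid. The function names and the sample exports and mount table are constructed; the parser reads /etc/exports and /proc/mounts style text and handles unquoted paths only.

```python
import re

# Constructed sample inputs (not from the original message).
EXPORTS = """\
/home        192.0.2.0/24(rw,root_squash,sync)
/srv/work    client.example(rw)
/export/data client.example(rw,sync) other.example(ro)
/scratch     *(rw,all_squash)
"""
MOUNTS = """\
/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /home ext3 rw,relatime 0 0
/dev/sda3 /export ext3 rw,nosuid,nodev 0 0
"""

def parse_exports(text):
    """Yield (path, client, options) per client entry; unquoted paths only."""
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        line = line.split("#", 1)[0].strip()              # drop comments
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", spec)
            if m:
                yield path, m.group(1), set((m.group(2) or "").split(","))

def backing_mount(path, mounts_text):
    """Return (mount_point, options) of the longest mount point containing path."""
    best, opts = "", set()
    for f in (l.split() for l in mounts_text.splitlines()):
        inside = len(f) >= 4 and (path == f[1] or path.startswith(f[1].rstrip("/") + "/"))
        if inside and len(f[1]) > len(best):
            best, opts = f[1], set(f[3].split(","))
    return best, opts

def audit(exports_text, mounts_text):
    """List read-write exports whose server-side filesystem honours setuid bits."""
    findings = []
    for path, client, eopts in parse_exports(exports_text):
        if "rw" not in eopts or "all_squash" in eopts:
            continue  # ro is the default; all_squash maps every uid/gid to anonymous
        mnt, mopts = backing_mount(path, mounts_text)
        if "nosuid" not in mopts:
            findings.append((path, client, mnt))
    return findings

if __name__ == "__main__":
    print(audit(EXPORTS, MOUNTS))
```

The /home entry is reported even though it sets root_squash, since that option maps only uid 0 and the check is about the server-side nosuid mount.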