NFS SECURITY DESIGN


NFS, like any other unprotected network protocol, is vulnerable to two types of attack: eavesdropping and impostor attacks. An eavesdropper can pick up unauthorized data as it goes by on the network. An impostor can gain unauthorized access to the network.

An NFS server is unable to distinguish falsified file handles from the file handles established by the mountd daemon. A client who manages to snoop the network and steal a file handle can read and modify any file on the server not owned by root.

NFS exports are controlled locally – each mount point has a list of hosts to which the file system may be exported. This list is enforced by the mountd daemon only, so a malicious client can ask the server's portmap daemon to forward the request to the mount daemon. When mountd receives the request from portmap, it thinks the request came from a valid client and forwards the file handle to the intruder.

If a filesystem is exported without restrictions, an intruder can remotely compromise user or system files and take over the machine.

By default, the user identity required to access a remote file or directory is specified with the UNIX numeric userid and groupid (AUTH_UNIX). Any user can run a program to generate an NFS request and obtain access to files on behalf of any user.
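An added example (not from the original page) that decodes the AUTH_UNIX credential in an ONC RPC call header, laid out per RFC 5531 (where the flavor is named AUTH_SYS), to show that the uid and gid are plain integers supplied by the client with no proof attached. The packet bytes are constructed sample data, and the names `Reader` and `decode_call_identity` are made up for this illustration.

```python
import struct

AUTH_NONE, AUTH_SYS = 0, 1  # RFC 5531 flavor numbers; AUTH_SYS is the page's AUTH_UNIX

# Constructed sample: RPC call header for NFS (program 100003) with an AUTH_SYS credential.
SAMPLE_CALL = bytes.fromhex(
    "00001234" "00000000" "00000002" "000186a3" "00000003" "00000001"  # xid, CALL, rpcvers, prog, vers, proc
    "00000001" "0000001c"                                              # cred flavor AUTH_SYS, body length 28
    "00000000" "00000003" "77733100"                                   # stamp, machinename "ws1" (padded)
    "000003e9" "00000064" "00000001" "00000064"                        # uid 1001, gid 100, one aux gid 100
    "00000000" "00000000"                                              # verifier: AUTH_NONE, length 0
)

class Reader:
    """Minimal big-endian XDR reader with bounds checks."""
    def __init__(self, data):
        self.data, self.pos = data, 0
    def u32(self):
        if self.pos + 4 > len(self.data):
            raise ValueError("truncated XDR data")
        (v,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return v
    def opaque(self, limit):
        n = self.u32()
        if n > limit or self.pos + n > len(self.data):
            raise ValueError("bad opaque length")
        out = self.data[self.pos:self.pos + n]
        self.pos += n + (-n % 4)  # XDR pads opaque data to a 4-byte boundary
        return out

def decode_call_identity(packet):
    """Return the identity an RPC call asserts and whether anything backs it."""
    r = Reader(packet)
    xid, mtype, rpcvers, prog, vers, proc = (r.u32() for _ in range(6))
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an ONC RPC version 2 call")
    flavor = r.u32()
    body = Reader(r.opaque(400))  # RFC 5531 caps auth bodies at 400 bytes
    info = {"prog": prog, "vers": vers, "proc": proc, "flavor": flavor}
    if flavor == AUTH_SYS:
        body.u32()  # stamp: arbitrary value chosen by the client
        info["machine"] = body.opaque(255).decode("ascii", "replace")
        info["uid"], info["gid"] = body.u32(), body.u32()
        count = min(body.u32(), 16)  # at most 16 auxiliary gids
        info["gids"] = [body.u32() for _ in range(count)]
    info["verifier"] = r.u32()  # AUTH_NONE here: no proof accompanies the uid
    info["unverified"] = flavor in (AUTH_NONE, AUTH_SYS)  # no cryptographic check possible
    return info
```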

Basic Measurements for Securing NFS


Source: http://www.sans.org/infosecFAQ/unix/nfs_security.htm