NFS SECURITY DESIGN
NFS, like any other unprotected network protocol, is vulnerable to two types of attack: eavesdropping and impostor attacks. An eavesdropper can pick up
data it is not authorized to see as it goes by on the network. An impostor can gain unauthorized access to the network.
An NFS server is unable to distinguish falsified file handles from the file handles established by the
mountd daemon. A client who manages to snoop the network and steal a file handle can read and modify any file on the server
not owned by root.
NFS exports are controlled locally: each mount point has a list of hosts to which the file system may be exported. This list is enforced by the
mountd daemon only, so a malicious client can ask the server's portmap daemon to
forward the request to the mount daemon. When mountd receives the request from
portmap, it thinks the request came from a valid client and forwards the file
handle to the intruder.
If a filesystem is exported without restrictions, an intruder can remotely
compromise user or system files, and take over the machine.
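An added example, not part of the original page: a small audit that flags exports with no host restriction, the case described above. It assumes Linux exports(5) syntax; the sample file, its addresses and the audit_exports name are constructed for illustration.

```python
import re

# Constructed sample in Linux exports(5) syntax (assumption; not from the page).
SAMPLE_EXPORTS = """\
# path        client(options) ...
/home         192.0.2.10(rw) 192.0.2.11(ro)
/srv/pub      *(ro)
/data         192.0.2.20 (rw)
/scratch
/backup       admin.example.com(rw,no_root_squash)
"""

# One client entry: optional host, optionally followed by "(options)".
ENTRY = re.compile(r"^([^\s(]*)(?:\((.*)\))?$")

def audit_exports(text):
    """Return (path, client, issue) tuples for risky export entries."""
    findings = []
    # Join backslash-continued lines, then parse one export per line.
    for line in text.replace("\\\n", " ").splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        # A path with no client list is treated as exported to every host.
        for spec in clients or [""]:
            m = ENTRY.match(spec)
            if m is None:
                findings.append((path, spec, "unparseable client entry"))
                continue
            host, opts = m.group(1), (m.group(2) or "").split(",")
            # An empty host or "*" means the host list restricts nothing.
            # "host (rw)" with a stray space lands here too: the options
            # attach to an empty host, not to the host before the space.
            if host in ("", "*"):
                kind = "read-write" if "rw" in opts else "read-only"
                findings.append((path, "*", f"{kind} export to any host"))
            # no_root_squash removes the "not owned by root" limit noted above.
            if "no_root_squash" in opts:
                findings.append((path, host or "*", "remote root is not squashed"))
    return findings

if __name__ == "__main__":
    for path, client, issue in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:10} {client:20} {issue}")
```

The /data line shows why the check looks at each whitespace-separated entry: the space before (rw) turns a single-host export into a read-write export to every host.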
By default, the user identity required to access a remote file or directory is specified with the UNIX numeric
userid and groupid (AUTH_UNIX). Any user can run a program to generate an NFS request and obtain access to files on behalf
of any user.
Basic Measurements for Securing NFS
Source: http://www.sans.org/infosecFAQ/unix/nfs_security.htm