Firewalls: NFS Security Risks

Firewalls
(August 1994)

Indexed By Thread: [Previous] [Next]

Subject:	NFS Security Risks
From:	Fwoyach @ aol . com
Date:	Sun, 07 Aug 94 22:48:29 EDT
To:	Firewalls @ greatcircle . com

Where can one find the security alerts / risk discussions about NFS?

I was given csrc.nist.gov as a place to look but the file names and indices
don't give much help.

In particular, how good are various NFS server implementations at checking
the source machine?  Garfinkel and Spafford in "Practical UNIX Security say
SUN (up t0 4.x) only checked with mountd and mounting wasn't required (if you
have the file handle).

Does PCNFS check?

One proposal I've heard is to use a meet me server on the bastion host with
the outside mounting files with PCNFS and the inside mounting files with UNIX
NFS.  It leaves me cold but is it actually bad?

Thanks in advance for any comments.

      Frederick Woyach
      Pr. Systems Engineer
      Martin Marietta Co.
      Email:  fwoyach @
 aol .
 com
      71227 .
 3225 @
 compuserve .
 com

Indexed By Date	Previous:	Re: OS for Firewalls From: cwilson @ snarf . engr . sgi . com (Chan Wilson)
Indexed By Date	Next:	The Proper platform for a firewall From: R.ROSSMAN/ARSC @ cgsmtp . comdt . uscg . mil
Indexed By Thread	Previous:	FW: OS for firewalls From: "Johnson-Bryden, Ian" <IJB @ saicuk . co . uk>
Indexed By Thread	Next:	The Proper platform for a firewall From: R.ROSSMAN/ARSC @ cgsmtp . comdt . uscg . mil