A question for the list. We have a request to provide nfs from
an "inside" filesystem to a few hosts outside the firewall. I've told
them this is not a good idea, unfortunately I wasn't able to quantify
exactly how bad this is.
So exactly what can happen? I take the corruption of that exported filesystem
as a given. And using the filehandle trick, other exported filesystems from
that server are accessible. Special files can be written, and trojans can be
planted. (That's enough to discourage ME from trying it.)
However, assuming the firewall prevents outsiders from telnetting to the
server, are any other, non-exported filesystems directly at risk?