--- Begin Message ---
Hassan Karim wrote:
> As far as my knowledge takes me... you MUST have an account on any
> UNIX system that you are writing to. The application at least must have an
> account so there is no way for you to use NFS without accounts and thus you
> still face the logging in challenge. I personally would go with the

That's mostly correct from one perspective. However, here is a
different perspective.

Machine A exports NFS filesystems to all machines on net B allowing read
and write privileges to all users, but not granting root privileges.
That is, anyone on net B can read and write files on machine A
providing they don't try to do anything requiring uid 0 privileges, even
if they have uid 0 privileges on some machine on net B. This is a
hypothetical setup; I am merely using it as an example. I am just
attempting to guess the NFS setup that might be used for these two
companies to talk. (And with one company so brain dead, this might be
what is being suggested.)

Here is the kicker:

All a user has to do to read any of the files machine A is exporting is
put a machine (of HIS choosing, with HIS setup) on net B and give
himself a uid. This can even be done with a DOS or Windows machine that
does not require a password. The user will at least have all the
permissions of nobody (uid -1) and can very easily give himself the same
access as ANYONE ON MACHINE A except for root.

I actually do this on one of my home networks (two machines). I simply
make sure the uids match on the two machines and set up NFS to export
any filesystems the other machine requests. (And no, these machines are
not connected to any external network, so don't try to hack into my
system :)

I agree with Hassan's conclusion: use an FTP proxy system, don't use
NFS.

-James

> On Thu, 24 Oct 1996, firewalls @ GreatCircle . COM wrote:
>
> > Date: 10/24/1996 12:09 pm (Thursday)
> > Subject: NFS vs. FTP
> >
> > Hello All,
> >
> > An organization, external to ours, has written a custom application which requires transferring files through our firewall. This application is critical to
> >
> > This external organization intends to use NFS as its file transfer utility claiming that their security policy only allows NFS for file transfers and does no
> >
> > Does any of the above make sense to any reader out there? I'm not very up to date on the security threats of NFS. I do know however that CERT has posted NF
> >
> > What should be my security concerns with NFS? Should I be comfortable with an external organization transmitting files into my network using NFS? Why do bo
> >
> > I appreciate your response.
> >
> > Thanks
> >
> > Fabian
> >
> >
--- End Message ---
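
The export pattern described in the message above (a whole network, read-write, only root remapped) can be found by auditing the server's export list. This is an added example, not part of the original message: it assumes Linux exports(5) syntax, which the message does not name, and the sample paths, hosts and networks are constructed.

```python
import re

# Constructed sample in Linux exports(5) syntax; paths, hosts and networks are made up.
SAMPLE_EXPORTS = """\
# machine A
/export/transfer  192.0.2.0/24(rw,root_squash)
/export/docs      *.partner.example(ro)
/export/build     buildhost.example(rw,root_squash)
/export/secure    192.0.2.0/24(rw,sec=krb5p)
/export/scratch   (rw,all_squash)
"""

ENTRY = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")


def is_broad(client):
    """True when the client spec can match more than one named host."""
    return (client == "" or "/" in client or client.startswith("@")
            or any(ch in client for ch in "*?["))


def audit_exports(text):
    """Return (path, client, access, squash) for broad exports using AUTH_SYS.

    Limitation: line continuations and '-opts' default-option fields are not parsed.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or [""]:  # a bare path is exported to any host
            m = ENTRY.fullmatch(spec)
            if m is None:
                continue  # malformed field, leave it for manual review
            client = m.group(1)
            opts = [o for o in (m.group(2) or "").split(",") if o]
            # sec= lists allowed flavors; the default is sys (client-asserted uid/gid).
            flavors = next((o[4:].split(":") for o in opts if o.startswith("sec=")), ["sys"])
            if "sys" not in flavors or not is_broad(client):
                continue
            access = "rw" if "rw" in opts else "ro"  # ro is the default
            squash = ("all" if "all_squash" in opts
                      else "none" if "no_root_squash" in opts else "root")
            findings.append((path, client or "<any>", access, squash))
    return findings
```

A finding with squash `root` is the setup from the message: only uid 0 is remapped, and every other uid the client sends is honoured.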