[lug] NFS

Pedersen, Michael J PederMJ at LOUISVILLE.STORTEK.COM
Thu Nov 18 10:20:55 MST 1999 

> On Thu, 18 Nov 1999, Pedersen, Michael J wrote:
> 
> > > 5.) Any tips/info on configuring NFS would be great.
> > 
> > If at all possible, don't.  It's considered one of the 
> biggest security
> > holes you can have. If you MUST install it, configure a 
> firewall, and put
> > the NFS machines behind it, and review every security alert 
> you can find on
> > it to lock it down.  Outside of that, there's a lot to it, 
> but you can find
> > some pretty good info by reviewing 'man exports'.
> 
> This is the second time I think I've heard someone mention NFS as a
> security hole before.  The question that comes to mind is:  if this is
> true, what is the replacement or fix?  Samba ... ?

Unfortunately, no.  Samba is also a security hole, but of a different
nature.  It all comes down to one thing: When you're working on a network
(especially the internet), you have no control of what other people are
doing.  Possible ways to get at your system through NFS (and these apply to
Samba, as well):

1) You've set up an area on NFS which is open to people on your network.
Through IP spoofing, I can pretend to be on your network, and get this area
all I want.  Furthermore, if you've got it set read/write, I can use your
network public area as a public ftp site for the world.

2) If I can determine which version of NFS you are using, I can hack my
version to specifically send yours information which gives me privileged
access to your system, possibly.  After all, your NFS is open to the world,
which means I can read the source, find the weaknesses, and then try to
exploit them.

3) You accidentally configure your environment to allow me to have root
access to a public area.  Once I've got that, I can start pushing things
around until I get root on the system.  And then I own the whole thing.

The same things apply to Samba, and any other networking file system.  Each
one is a very specific attack, with a known way to fix it.  Incidentally, #2
is the whole reason behind "security through obscurity", which has been
shown to be a very bad idea far too often.

On a side note, there are other hacks which can be done against NFS.
www.cert.org is a good place to get some information on them.  All in all,
they are always a variation on #2 as well.

One possible security mechanism which could be used (and would not be
defeatable directly) would be to place your NFS server on one of the
unroutable address spaces (ie: 192.0.0.0).  This would require somebody to
gain access to a public machine before they could go after your NFS server.
Again, same rules apply to Samba and other file servers.

Oh, and a question I raised but didn't answer: Samba is a security hole of a
different nature than NFS because Samba works with Windows setups, while NFS
was designed for UNIX setups. As such, there are different ports to block,
and different precautions to take when configuring your server.  The basic
idea, though, remains the same: It's a network file system, and the network
is uncontrollable.

More information about the LUG mailing list