[lug] Re: Unauthorized Portmap Connection

D. Stimits stimits at idcomm.com
Tue Dec 12 21:40:35 MST 2000


John Karns wrote:
> 
> On Tue, 12 Dec 2000, Scott A. Herod uttered:
> 
> > where  .... are a lot of options.  I believe that the one you want
> > is "root_squash".  You also need to specify anonuid and anongid for
> > this to work correctly.  Check "man nfs" for details.
> 
> According to the NFS How-to, the root-squash option is defaulted to 'on'
> for the Linux version.  Doesn't hurt to make sure though.
> 

I remember the original post. The message was one of a failed NFS mount,
probably triggered via port scanner. I would never ever trust defaults
for NFS; should someone actually mount it, and they can't gain root
access, you are far better off than if they do. Without root squash it
is trivial to gain root access on many NFS partitions once they are
mounted.
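
A small audit of an exports(5) file that reports every export where root squashing is left to the default or switched off, in line with the advice above. This is an added example, not part of the original post: the sample file, its paths and host names are constructed, and `audit` and `logical_lines` are hypothetical helpers.

```python
import re

# Constructed sample in exports(5) syntax; paths and host names are made up.
SAMPLE_EXPORTS = """\
/home      192.168.1.0/24(rw,root_squash,anonuid=65534,anongid=65534)
/srv/pub   *(ro)                       # no squash option: relies on default
/srv/build buildhost(rw,no_root_squash) \\
           10.0.0.5(rw,all_squash)
/srv/data  trusted.example.com
"""

SQUASH = ("root_squash", "no_root_squash", "all_squash")
CLIENT_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")  # host(opt,opt,...)

def logical_lines(text):
    """Drop comments and join backslash-continued lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""

def audit(text):
    """Flag exports whose root squashing is 'implicit' (unwritten) or 'disabled'."""
    findings = []
    for line in logical_lines(text):
        path, *tokens = line.split()
        defaults = []
        for tok in tokens:
            if tok.startswith("-"):          # "-opts" sets per-line defaults
                defaults = tok[1:].split(",")
                continue
            m = CLIENT_RE.fullmatch(tok)
            if not m:                        # malformed client spec: report it
                findings.append((path, tok, "unparsed"))
                continue
            host, opts = m.groups()
            effective = defaults + (opts.split(",") if opts else [])
            squash = [o for o in effective if o in SQUASH]
            if not squash:
                findings.append((path, host or "*", "implicit"))
            elif squash[-1] == "no_root_squash":
                findings.append((path, host or "*", "disabled"))
    return findings
```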



