NFS is supposed to expose a remote file system in full. The exported file system is supposed to be protected in the same way as the local file system. As Eran pointed out, reasonable expectations (from NFS software) would be to block access from outsiders, as you would protect other network resources. Once the client logs in, the security challenge is at a different level.
Otherwise, I don't see how we can get transparent file access for the software we use. BTW, the evolving concept of a Database is very much related to these issues and some operating systems are built around it, e.g. the OS used on AS400.

----- Original Message -----
From: "Eran Tromer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "Meir Michanie" <[EMAIL PROTECTED]>; "IGLU" <[EMAIL PROTECTED]>
Sent: Saturday, November 16, 2002 9:48 AM
Subject: Re: Secure nfs

> Ehud Karni wrote:
> > On 15 Nov 2002 00:28:00 +0200, Meir Michanie <[EMAIL PROTECTED]> wrote:
> >>3. get the private key from one compromised client and you have root
> >>control over the net, next step would be ssh root@server -i
> >>compromised-key
> >
> > That is not true. The intruder has already root privilege for the
> > broken in system and all she can do is what she can do locally on
> > that system (she can not run anything on the NFS host directly).
>
> Indeed, not directly. But the intruder can get access to any of the files
> which the server exports to this client. This usually includes the home
> directories of all users (bad enough!), and possibly includes the home
> directory of the server's root or someone who frequently performs tasks
> as server root.
>
>
> > So it's quite secure (as secure as SSH for login).
>
> Hardly. NFS over SSH buys you security from outsiders, but the only
> thing it buys you with respect to insiders (or their compromised boxes)
> is accountability (you can see which SSH key was used to connect, *if*
> you can spot the exact time of intrusion and have sufficiently detailed
> logs and server root wasn't compromised).
>
>   Eran
>
>
> =================================================================
> To unsubscribe, send mail to [EMAIL PROTECTED] with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail [EMAIL PROTECTED]
