I'm putting together a "NFSv3 is disgustingly insecure, we should move to OpenAFS" type presentation for my management [1]. I've found explanations to be less than completely understood, so I've decided to put together a demo.
I've already found nfsshell [2], a commonly available user-level program that among other things allows creation of NFS requests as any other user on a system. The most useful article I found on the subject [3] also mentions that "UDP is also trivial to spoof, making it easy to get around the host-based access control, which relies on the IP address of the client." Does anyone know of code that would demo this vulnerability?

[1] NFSv4 isn't an option due to platform support requirements.
[2] Leendert van Doorn's nfsshell ftp://ftp.cs.vu.nl/pub/leendert/nfsshell.tar.gz
[3] ;LOGIN: February 2005 pg. 17 - Rik Farrow's Musings http://www.usenix.org/publications/login/2005-02/pdfs/musings.pdf

Thanks,
--
Daniel Clark [EMAIL PROTECTED]

_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
