Re: [suse-security] nfs and authentification
Hi Dani I think that you forget that the normal user authentication is still there. like on any ([l]Unix) machine. So passwords and file access is the same: an imported file system is not suddenly open when mounted at an other host. of course the exports should go to known hosts as wel.
>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 11/11/02, 7:52:25 PM, Daniel121272@gmx.de wrote regarding [suse-security] nfs and authentification:
Dear List,
we use nfs to export a file-system of a file-server. But there is no authentification of the importing computer, so everyone in our subnet could give them selves a valid IP and has access to all files.
No they have not... do not worry about that regards Frank w Kooistra
--On Tuesday, November 12, 2002 09:02:38 AM +0000 "Frank W.Kooistra"
Hi Dani
I think that you forget that the normal user authentication is still there. like on any ([l]Unix) machine. So passwords and file access is the same: an imported file system is not suddenly open when mounted at an other host.
of course the exports should go to known hosts as wel.
>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 11/11/02, 7:52:25 PM, Daniel121272@gmx.de wrote regarding [suse-security] nfs and authentification:
Dear List,
we use nfs to export a file-system of a file-server. But there is no authentification of the importing computer, so everyone in our subnet could give them selves a valid IP and has access to all files.
No they have not... do not worry about that
Plain vanilla NFS is insecure. It uses, at best, IP based authentication i.e. you state that a certain computer can be trusted as it runs a trusted OS and has trusted administrators. If either of these statements ceases to be true then access can be completely open. There are many versions of rpc and some are reasonably secure but I don't think that there is any Linux support for them. If you use nfs then arpwatch should be mandatory, I know that you can also set the MAC address but at least you have raised the ante. The NSA describes a trusted computer as one that you have to trust for the system to work and that is pretty much what we have with NFS. A trusted computer is a security hole waiting to happen, an oxymoron if you will. Sun realized that making security optional was not a good idea when others are involved and have tried to fix that with NFSv4, it is still bleading edge but there is good Linux support. smbfs is also a good alternative but I am not sure that the mapping of access control twice is going to work well. /Michael -- This space intentionally left non-blank.
This may not help you now, but just for the record, I hope to have GSSAPI enabled NFS in the next SuSE release. Whether that will happen depends a great deal on how much time I'll have to spare. Note BTW that Samba doesn't help you very much on the local network either. Everyone is able to sniff the lanmanager hash and reuse that to log into the CIFS server. Microsoft doesn't send the passwords in cleartext, but they're cleartext equivalent. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir@suse.de | experienced what can best be described as ---------------+ ISO water torture. -- Peter Gutmann
participants (4)
-
Frank W.Kooistra
-
Michael Salmon
-
Olaf Kirch
-
Peter Wiersig