Lutz.Jaenicke@aet.TU-Cottbus.DE wrote:

On Tue, Nov 23, 1999 at 11:19:21AM +0100, tschweikle@FIDUCIA.de wrote: ...

...

That is correct, while the 'w' reflects only the state of the 'w' bit on the reomte fs. Not the permission it is exported with.

...

Please make also sure, that you understand the concept of root->nobody mapping when using NFS.

/usr isn't writable localy by 'nobody'. Shouldn't be writable by 'nobody' mounted remote.

Indeed.

So, let's try to reproduce: I have SuSE 6.2 with the latest nkita-patch: /usr**(ro) (more export points listed below this entry...)

NFS-Client is HP-UX 10.20: # mount -F nfs XXXXXX:/usr /tmp_mnt # mkdir /tmp_mnt/xyz mkdir: cannot create /tmp_mnt/xyz: Read-only file system # umount /tmp_mnt

Sorry, I don't have a Linux client available in the moment.

(remove /usr line from /etc/exports; /sbin/init.d/nfsserver stop ; /sbin/init.d/nfsserver start ). # mount -F nfs XXXXXX:/usr /tmp_mnt XXXXXX:/usr: access denied secured again.

Best regards,

Tryed it out with SuSE 6.2 new, clean system: Vulnerable. You are allowed to write to a ro exported fs. Applied latest nkit_a-patch. you are not vulnerable any more. ro exported fs isn't writeable. Thus I upgraded all servers to the latest nkit_a-patch. Thanks for all your help! -- Thomas