The problem with using nfs today is authentication (don't read
authorization, it may be another problem).
NFS and PORTMAP relay on trusted hosts, you could use ips or dns names,
or * (wilcards?)
spoffing this is as simple mounting the nfs share using edited local
/etc/passwd.
You may say that how did you get access to the root account on the
client?
who needs to brake the client when you can come with your own laptop.
One solution is using NFS over ssh.
to do this you need:
1. edit /etc/exports to something like
/home localhost(rw,root_squash,secure)
2. generate a private key for root and put it in every client machine
(ssh requires the file to have permision --- for group and others.
2.1 copying the public key to .ssh/authorized-keys
3. using ssh to redirect ports ssh -f -L 1234:<nfs-server>:nfs -i
ssh/identity /bin/sleep 60
the exactly steps can be read at:
http://www.linuxsecurity.com/feature_stories/feature_story-118.html
BUT!!!!!!
this brings two other problems:
1. all connections to NFS on the server will show as from localhost.
2. any machine able to connect with ssh is also able to mount the nfs
drive even do you block the nfs ports. (this could open another
discussion: How secure is to run ssh.)
3. get the private key from one compromised client and you have root
control over the net, next step would be ssh root@server -i
compromised-key
I read this article and I do not know if it works on linux.
http://www.unet.univie.ac.at/aix/aixbman/commadmn/nfs_secure.htm
SO, how do you set a roaming profile ($HOME) without compromising the
entire network to make a walk in the park for a newbie hacker?
--
QOTD:
"I tried buying a goat instead of a lawn tractor; had to return
it though. Couldn't figure out a way to connect the snow blower."
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
