Date: Tue, 24 Oct 1995 21:20:41 -0700 (PDT) From: Julian Elischer <julian@ref.tfs.com> To: davidg@Root.COM Cc: mikebo@tellabs.com, hackers@freebsd.org, bugs@freebsd.org Subject: Re: 2.1.0-951020-SNAP: Major bug in NFS again! Message-ID: <199510250420.VAA16934@ref.tfs.com> In-Reply-To: <199510250338.UAA27854@corbin.Root.COM> from "David Greenman" at Oct 24, 95 08:38:46 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > The client should ignore NFS packets from hosts that it's not talking to or > doesn't know about, and that's what all 4.4BSD derived OSs do. unfortunatly it doesn't gain you anything in security to do so however > This is obviously flamebait and I'm not going to respond to it. I'm pretty sure FreeBSD can be made to do the same thing too, given the right icmp packets > > >Sorry for the rambling discourse, but I need this fixed or I can't > >use FreeBSD. At the least, can the "Sun behavior" I need be added > >as an option to the mount command? like most misguided security attempts it should be optional. > > If you choose not to use my suggested work-around, then I guess you can't > use FreeBSD. For the NFS server, FreeBSD (and all other 4.4BSD derived systems) well 4.4BSD derived OS's comprise OSF/1, NetBSD, FreeBSD and BSD/OS. Not exactly aearthshaking combination, and I wouldn't be surprised to see that OSF1 might act differently.. (they are actually net2.5 based) > keep an authentication list in the kernel that is constructed from > /etc/exports. For the NFS client, FreeBSD requires that replies to its RPC > requests come from the same address that they were issued to. If it didn't > work this way, then *anyone* could send bogus udp datagrams with hand-tailored > RPC calls/replies to you and as long as that someone can come up with a file > handle (which is relatively easy), he can do unchecked file operations and > bypass the system security. So? I can make my machine have any address you wish.. and probably still get a packet to your machine.. I mean the source address is not looked at for routing.. It's a security feature to keep out SIMPLE attacks but fails on any really dedicated attack. anyway we're talking being a CLIENT here.. you're talking about being a server, with the exports list.. I didn't notice the exports list being involved in the client side of things.. I think that if we get a patch to make this optional, then we should allow it to be included.. certainly there should be some way to tell NFS that two addresses are equivalent. A Mount option MIGHT work, but you'd have to feed it an alternate IP address.. (not a name) possibbly a routing table entry could be used to do it.. > The best I could offer you would be a kernel option to disable this > security, but I'll say right now that this *won't* be in the 2.1 release. > > -DG >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199510250420.VAA16934>