issuhub.com

ugh.book

(singke) #1

290 NFS


know that. So whenever you send a magic cookie to the NFS server, asking

it to read or write a file, you also tell the server your user number. Want to

read George’s files? Just change your UID to be George’s, and read away.

After all, it’s trivial to put most workstations into single-user mode. The

nice thing about NFS is that when you compromise the workstation, you’ve

compromised the server as well.

Don’t want to go through the hassle of booting the workstation in single-

user mode? No problem! You can run user-level programs that send

requests to an NFS server—and access anybody’s files—just by typing in a

500-line C program or getting a copy from the net archives.

But there’s more.

Because forging packets is so simple, many NFS servers are configured to

prevent superuser across the network. Any requests for superuser on the

network are automatically mapped to the “nobody” user, which has no

privileges.

Because of this situation, the superuser has fewer privileges on NFS work-

stations than non-superuser users have. If you are logged in as superuser,

there is no easy way for you to regain your privilege—no program you can

run, no password you can type. If you want to modify a file on the server

that is owned by root and the file is read-only, you must log onto the

server—unless, of course, you patch the server’s operating system to elim-

inate security. Ian Horswill summed it all up in December 1990 in response

to a question posed by a person who was trying to run the SUID mail deliv-

ery program /bin/mail on one computer but have the mail files in /usr/

spool/mail on another computer, mounted via NFS.

Date: Fri, 7 Dec 90 12:48:50 EST

From: “Ian D. Horswill” <[email protected]>

To: UNIX-HATERS

Subject: Computational Cosmology, and the Theology of Unix

It works like this. Sun has this spiffy network file system. Unfortu-

nately, it doesn’t have any real theory of access control. This is partly

because Unix doesn't have one either. It has two levels: mortal and

God. God (i.e., root) can do anything. The problem is that networks

make things polytheistic: Should my workstation’s God be able to

turn your workstation into a pillar of salt? Well gee, that depends on

whether my God and your God are on good terms or maybe are really

just the SAME God. This is a deep and important theological ques-

tion that has puzzled humankind for millennia.
Free download pdf
Get our desktop app
Company
Features
Documentation
Resources
© ISSUHUB. 2024. All rights reserved.