I have a question about mountd and getting filehandles for non-root users.
According to the manpage of mountd it's impossible get a file handle
for non root users as long as you don't use the -n option.
What I see is that (OSF 2.1) when a filesystem from A is exported to B
every user on B can get a filehandle, which means that giving all
users the same uid/gid will give about the same protection as we have now :-(
One of our students showed me a 'nice' little program which he could use to
read/write and delete (on B) any file on from A to B read/write exported
filesystems!
Am I missing something or is the -n option always active? I know this
is not working for Ultrix (and so says the OSF manpage) which means that
read/write exporting an Ultrix filesystem will just give away the data.
It's even more serious. Our /usr/spool/mail is on a Ultrix machine and was
mounted (not any more) without the nosuid option. Our student created
an executable in /usr/spool/mail on the Ultrix host, used his little
program to get the filehandle of /usr/spool/mail on the OSF host,
changed it to suid and owner root et voila!
I do hope I'm missing something.
Henk Mos
--
-------------------------------------------------------------------
Henk J. Mos, Dept. of Physics and Astronomy, University of Utrecht
P.O. Box 80.000, 3508 TA Utrecht, The Netherlands
Phone: +31 30 532239 Fax: +31 30 531601 Email: H.J.Mos_at_fys.ruu.nl
-------------------- http://www.fys.ruu.nl/~mos -------------------
Received on Fri Jun 02 1995 - 21:58:16 NZST