Administrator's Guide

5.10.2.1 Server Vulnerability
Maintain server security by setting restrictive permissions on the /etc/exports file.
Root privileges are not maintained across NFS. Thus, having root privileges on a client
system does not provide you with special access to the server.
The server performs the same permission checking remotely for the client as it does locally
for its own users. The server side controls access by the client to server files by comparing
the user ID and group ID of the client, which it receives via the network, with the user ID
and group ID of the server file. Checking occurs within the kernel.
A user with privileges on an NFS client can exploit that privilege to obtain unlimited
access to an NFS server.
NOTE: Never export any file system to a node on which privilege is granted more
leniently than in your own node's policy.
5.10.2.2 Client Vulnerability
In earlier releases of NFS for workstations, the /dev inode had to reside on the client's
disk. NFS now allows the /dev inode containing the major and minor numbers of a
client-mounted device special file to exist on the server side. This opens the possibility
for someone to create a Trojan horse that overrides permissions set on the client's mounted
device special file, by accessing the device special file through the file and inode number
found on the server side.
Although lacking permission to make a device special file on the client side, a system
violator can create a device special file, such as /dev/kmem, using root permissions on
the server side. The new /dev file is created with the same major and minor numbers as
those of the target device on the client side, but with the following permissions:
crw-rw-rw-
The violator can then go to the client, log in as an ordinary user, and, using NFS, open
up the newly created server-side device special file and use it for devious means.
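One way to look for such files from the server side, as an added example that is not part of the original guide: the Python script below walks an exported file system and reports every device special file with its major and minor numbers, flagging any that are readable or writable by others (such as the crw-rw-rw- mode shown above). The function names and the command-line usage are assumptions of this example.

```python
import os
import stat
import sys

def classify(path, st):
    """Return a finding dict if st describes a device special file, else None."""
    mode = st.st_mode
    if not (stat.S_ISCHR(mode) or stat.S_ISBLK(mode)):
        return None
    return {
        "path": path,
        "type": "char" if stat.S_ISCHR(mode) else "block",
        "major": os.major(st.st_rdev),
        "minor": os.minor(st.st_rdev),
        "perms": stat.filemode(mode),
        # Read or write permission for "other" means any client user can open it.
        "world_accessible": bool(mode & (stat.S_IROTH | stat.S_IWOTH)),
    }

def scan_export(root):
    """Walk one exported file system without crossing into other mounts."""
    findings = []
    root_dev = os.lstat(root).st_dev
    for dirpath, dirnames, filenames in os.walk(root):
        kept = []
        for name in dirnames:
            try:
                if os.lstat(os.path.join(dirpath, name)).st_dev == root_dev:
                    kept.append(name)
            except OSError:
                pass  # directory vanished or is unreadable; skip it
        dirnames[:] = kept  # prune so os.walk stays on this file system
        for name in filenames:  # os.walk lists device nodes among the files
            path = os.path.join(dirpath, name)
            try:
                finding = classify(path, os.lstat(path))
            except OSError:
                continue
            if finding:
                findings.append(finding)
    return findings

if __name__ == "__main__":
    # Assumed usage: pass each exported directory as an argument.
    results = [f for root in sys.argv[1:] for f in scan_export(root)]
    for f in results:
        flag = "WORLD-ACCESSIBLE" if f["world_accessible"] else "restricted"
        print(f'{f["perms"]} {f["type"]} {f["major"]},{f["minor"]} {f["path"]} [{flag}]')
    sys.exit(1 if any(f["world_accessible"] for f in results) else 0)
```

Run it on the server against each directory listed in /etc/exports; a nonzero exit status means at least one world-accessible device special file was found.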
5.10.2.3 How to Safeguard NFS-Mounted Files
The following are suggestions to safeguard NFS-mounted files:
- If possible, make sure that the same person administers both client and server systems.
- Maintain uniformity of user ID and group ID for server and client systems.
- Routinely check the /dev files in the file systems exported from the server.
- Restrict who can have write access to the /etc/passwd client files.
- For strictest control, audit every host that is accessible through the network.
- Consider using the fstab nosuid option to protect the system against setuid
  programs that can run as root and damage the system. The default mount option is
  suid, which allows mounted programs with setuid permission to run with the
  permissions of their owners, regardless of who starts them. Therefore, if a program
5.10 Controlling File Security on a Network 107