NFS

NFS is a convenient way to share files between computers. However, if there is no restriction on who can mount a volume, the system may be vulnerable.

If the root directory "/" is exported, even read-only, it may be possible for an intruder to copy the password file and crack it.

If "binary" directories such as /bin are exported read-only, it may be possible for an intruder to determine the exact version of various programs and design a buffer-overrun exploit for them.

If "binary" directories are exported writable, it may be possible for an intruder to overwrite programs which do not belong to root.

If "user" directories are exported writable, it may be possible for an intruder to add entries to an ".rhosts" file and thus log in without a password, or to create ".forward" files allowing arbitrary commands to be executed.

Prevention

NFS use should be limited to non-sensitive files, such as data or common libraries and programs, and exports should, where possible, be made read-only and restricted to a specific domain or list of hosts.
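One way to check an exports file against the exposures listed above, as an added example that is not part of the original page. It assumes Linux exports(5) syntax; the directory lists, hostnames and finding labels are constructed for illustration.

```python
import re

# Assumed directory lists; adjust to the local layout.
BINARY_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin")
USER_DIRS = ("/home",)

# Constructed sample in Linux exports(5) syntax (hostnames are placeholders).
SAMPLE = """\
/             *(ro)
/usr/bin      (rw)                           # no client name: any host
/home         *.example.org(rw,root_squash)
/export/data  trusted.example.org(ro)
"""

def _under(path, roots):
    return any(path == r or path.startswith(r + "/") for r in roots)

def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        path, *tokens = line.split()
        for tok in tokens or [""]:               # bare path: treated here as any host
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", tok)
            if not m:
                continue
            client = m.group(1) or "*"
            opts = set((m.group(2) or "").split(","))
            writable = "rw" in opts              # exports(5) defaults to ro
            if client == "*":
                findings.append((path, client, "any-host"))
            if path == "/":
                findings.append((path, client, "root-export"))
            if writable and _under(path, BINARY_DIRS):
                findings.append((path, client, "writable-binaries"))
            if writable and _under(path, USER_DIRS):
                findings.append((path, client, "writable-user-dirs"))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE):
        print(f"{path:14} {client:20} {finding}")
```

The last sample line, a read-only export to one named host, is the form the Prevention paragraph recommends and produces no finding.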

A.Daviel