
Re: IPSEC and NFS



Angelos D. Keromytis wrote:

> 
> I've been using NFS over IPsec to protect against outsider attacks for
> a while now, but I don't see how NFS can be made insider-resistant
> without major restructuring of the protocol. There's the implicit
> assumption that the client kernel is behaving. Of course, you didn't
> quite explain what your threat model was (hostile users on the client
> machine I presume -- in which case IPsec+privileged ports required
> for the client can do wonders).
> Cheers,

Fair enough, I wasn't very clear on the threat model.

I'm particularly concerned about things like PCs participating in
  NFS services, in which it's sooooo easy for the client to "cheat"
  in the sense of claiming a uid/gid that it has no "right" to.
  I'm afraid that your analysis of NFS requiring major restructuring
  to protect against this is correct.  Secure RPC doesn't appear to
  be a reasonable fix for this either.  Sigh.

If I restrict an NFS server to only allowing SAs with hosts it
  knows "play by the rules"--in that user processes cannot fake
  legitimate NFS protocol (because they can't get a privileged port),
  then host-to-host IPSEC works.  What a marvellous world it would
  be if I could always make that assumption...
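
Added example, not part of either poster's message: the AUTH_SYS credential in an ONC RPC call (layout per RFC 5531) carries the uid/gid as plain client-supplied fields, so the only things a server can check are which host sent the call and from which port. The sample bytes, the addresses and the `accept` helper are constructed for illustration, and `src_ip` is assumed to have been authenticated by the IPsec SA.

```python
import struct

AUTH_SYS = 1  # credential flavor number assigned in RFC 5531

# Constructed sample: RPC CALL to NFS (program 100003, version 3) whose
# AUTH_SYS credential states machine "pc1", uid 1000, gid 100, gids [100].
SAMPLE = bytes.fromhex(
    "00001234 00000000 00000002 000186a3 00000003 00000001"  # xid, CALL, rpcvers, prog, vers, proc
    "00000001 0000001c"                                      # cred flavor, cred length (28)
    "00000000 00000003 70633100"                             # stamp, name length, "pc1" + pad
    "000003e8 00000064 00000001 00000064"                    # uid, gid, gid count, gids[0]
    "00000000 00000000"                                      # verifier: AUTH_NONE, length 0
)

def parse_authsys(msg: bytes) -> dict:
    """Decode the AUTH_SYS credential of an RPC CALL. Every field is client-asserted."""
    xid, mtype, rpcvers, prog, vers, proc, flavor, clen = struct.unpack_from(">8I", msg, 0)
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an RPC version 2 CALL")
    if flavor != AUTH_SYS:
        raise ValueError("credential is not AUTH_SYS")
    if clen > 400 or 32 + clen > len(msg):        # RFC 5531 caps opaque auth at 400 bytes
        raise ValueError("bad credential length")
    body = msg[32:32 + clen]
    stamp, nlen = struct.unpack_from(">II", body, 0)
    if nlen > 255:
        raise ValueError("machine name too long")
    p = 8 + nlen + (-nlen % 4)                    # XDR pads strings to 4 bytes
    uid, gid, ngids = struct.unpack_from(">III", body, p)
    if ngids > 16:
        raise ValueError("too many supplementary gids")
    gids = struct.unpack_from(f">{ngids}I", body, p + 12)
    return {"prog": prog, "machine": body[8:8 + nlen], "uid": uid, "gid": gid, "gids": gids}

def accept(msg: bytes, src_ip: str, src_port: int, trusted_hosts: set) -> tuple:
    """Hypothetical server-side check matching the thread: the call is accepted
    only from a host known to play by the rules, and only from a privileged port
    (which an unprivileged user process on that host cannot bind)."""
    cred = parse_authsys(msg)
    # Nothing in the message proves cred["uid"]; trust rests on host and port alone.
    return (src_ip in trusted_hosts and src_port < 1024), cred

if __name__ == "__main__":
    print(accept(SAMPLE, "192.0.2.10", 800, {"192.0.2.10"}))
    print(accept(SAMPLE, "192.0.2.10", 40000, {"192.0.2.10"}))
```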

