
Re: IPSEC and NFS



> Angelos D. Keromytis wrote:
> 
> > 
> > I've been using NFS over IPsec to protect against outsider attacks for
> > a while now, but I don't see how NFS can be made insider-resistant
> > without major restructuring of the protocol. There's the implicit
> > assumption that the client kernel is behaving. Of course, you didn't
> > quite explain what your threat model was (hostile users on the client
> > machine I presume -- in which case IPsec+privileged ports required
> > for the client can do wonders).
> > Cheers,
> Fair enough, I wasn't very clear on the threat model.
> 
> I'm particularly concerned about things like PCs participating in
>   NFS services, in which it's sooooo easy for the client to "cheat"
>   in the sense of claiming a uid/gid that it has no "right" to.
>   I'm afraid that your analysis of NFS requiring major restructuring
>   to protect against this is correct.  Secure RPC doesn't appear to
					^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

>   be a reasonable fix for this either.  Sigh.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

why?

> 
> If I restrict an NFS server to only allowing SAs with hosts it
>   knows "play by the rules"--in that user processes cannot fake
>   legitimate NFS protocol (because they can't get a privileged port),

not all operating systems support the concept of privileged users having
exclusive access to "privileged" ports. 

>   then host-to-host IPSEC works.  What a marvellous world it would
>   be if I could always make that assumption...
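
Added example, not part of the original message: a sketch of what a server relying on AUTH_SYS credentials can actually check, assuming the `authsys_parms` layout from the ONC RPC specification (RFC 5531) and the Unix convention that ports below 1024 are privileged. The names `parse_authsys`, `server_view` and `SAMPLE` are hypothetical, and the credential bytes are constructed for illustration.

```python
import struct

PRIV_PORT_LIMIT = 1024  # Unix convention: only root may bind ports below this

def parse_authsys(body: bytes) -> dict:
    """Decode an AUTH_SYS credential body (XDR authsys_parms, RFC 5531)."""
    off = 0
    def u32() -> int:
        nonlocal off
        if off + 4 > len(body):
            raise ValueError("truncated credential")
        (val,) = struct.unpack_from(">I", body, off)
        off += 4
        return val
    stamp = u32()
    name_len = u32()
    padded = (name_len + 3) & ~3          # XDR pads opaque data to 4 bytes
    if name_len > 255 or off + padded > len(body):
        raise ValueError("bad machinename")
    machine = body[off:off + name_len].decode("ascii", "replace")
    off += padded
    uid, gid, ngids = u32(), u32(), u32()
    if ngids > 16:
        raise ValueError("too many supplementary gids")
    gids = [u32() for _ in range(ngids)]
    if off != len(body):
        raise ValueError("trailing bytes")
    return {"stamp": stamp, "machine": machine, "uid": uid, "gid": gid, "gids": gids}

def server_view(src_port: int, cred_body: bytes, require_priv_port: bool = True):
    """Return (decision, uid) as a server trusting AUTH_SYS would see it."""
    if require_priv_port and src_port >= PRIV_PORT_LIMIT:
        return ("reject", None)   # only meaningful if the client OS reserves low ports
    cred = parse_authsys(cred_body)
    # Nothing in the credential is signed or verified: uid/gid are the client's claim.
    return ("accept", cred["uid"])

# Constructed sample credential: stamp, "pc01", uid 1001, gid 100, gids [100, 27]
SAMPLE = struct.pack(">II4sIIIII", 0x5EED, 4, b"pc01", 1001, 100, 2, 100, 27)

if __name__ == "__main__":
    print(server_view(1023, SAMPLE))
    print(server_view(40000, SAMPLE))
```

The port check is the server's only signal about who produced the request, which is why it says nothing about hosts whose operating system lets any user bind a low port.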





