IT Baseline Protection Manual - The Information Warfare Site

Threats Catalogue Deliberate Acts Remarks
____________________________________________________________________ .........................................
T 3.10 Incorrect export of file systems under UNIX
Exported disks can be mounted from any computer whose name is specified in
files /etc/exports or /etc/dfs/dfstab. The user of such a computer can assume
any UID and GID. As long as directories have not been exported with the
option root=, UID 0 (root) constitutes an exception which, on access to an
NFS server, is normally mapped to a different UID (e.g. to the UID of the user
nobody or anonymous). Hence only files which belong to root can be
protected.
There are no adequate protective measures available in protected
environments for the use of the NFS protocols for the export of file systems or
the distribution of system files using NIS. Such use therefore constitutes a
threat to the integrity of the systems.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000