COMMAND

    NFS

PROBLEM

    When  an  NFS  client  host  wants  to  access  a  remote  file or
    directory,  its  operating  system  sends  a  request  to  the NFS
    server.  The request  specifies, among others, a  file identifier,
    the  operation  (read,  write,  change  permission, etc.), and the
    identity of the user on whose behalf the operation is to be done.

    By default, the user identity  is specified with the UNIX  numeric
    user and group ids. With  this scheme, also called AUTH_UNIX,  the
    server simply believes anything that the client sends it.

    An NFS  request is  nothing but  a network  message. Any  user can
    run  a  program  that  generates  arbitrary  NFS  requests.   Such
    programs have been available  for several years, and  writing them
    does not require unusual programming skills.

    When   an   NFS   server    accepts   requests   with    AUTH_UNIX
    authentication from unprivileged  user programs, a  malicious user
    can execute file  access requests on  behalf of any  user. Reason:
    with AUTH_UNIX authentication, the user identity is nothing but  a
    few user and group ID numbers in a network message.