T 3.10 Incorrect export of file systems under UNIX

Exported disks can be mounted by every computer answering with the name specified in the file /etc/exports and/or /etc/dfs/dfsta. The user of this computer may use any UID and GID. Unless directories were exported using the root= option, UID 0 (root) is an exception normally mapped to another UID (e.g. the UID of the user nobody or anonymous) when accessing an NFS server. Therefore, only files belonging to root can be protected.

Protected environments do not provide for sufficient protective safeguards regarding the use of the NFS protocols for exporting file systems and for distributing system files with the help of NIS. Therefore, the use constitutes a risk for the systems' integrity.

© Federal Office for Information Security. All rights reserved.