290 NFS

know that. So whenever you send a magic cookie to the NFS server, asking it to read or write a file, you also tell the server your user number. Want to read George’s files? Just change your UID to be George’s, and read away. After all, it’s trivial to put most workstations into single-user mode. The nice thing about NFS is that when you compromise the workstation, you’ve compromised the server as well.

Don’t want to go through the hassle of booting the workstation in single-user mode? No problem! You can run user-level programs that send requests to an NFS server—and access anybody’s files—just by typing in a 500-line C program or getting a copy from the net archives.

But there’s more.

Because forging packets is so simple, many NFS servers are configured to prevent superuser across the network. Any requests for superuser on the network are automatically mapped to the “nobody” user, which has no privileges. Because of this situation, the superuser has fewer privileges on NFS workstations than non-superuser users have. If you are logged in as superuser, there is no easy way for you to regain your privilege—no program you can run, no password you can type. If you want to modify a file on the server that is owned by root and the file is read-only, you must log onto the server—unless, of course, you patch the server’s operating system to eliminate security.

Ian Horswill summed it all up in December 1990 in response to a question posed by a person who was trying to run the SUID mail delivery program /bin/mail on one computer but have the mail files in /usr/spool/mail on another computer, mounted via NFS.

Date: Fri, 7 Dec 90 12:48:50 EST
From: “Ian D. Horswill” ian@ai.mit.edu
To: UNIX-HATERS
Subject: Computational Cosmology, and the Theology of Unix

It works like this. Sun has this spiffy network file system. Unfortunately, it doesn’t have any real theory of access control. This is partly because Unix doesn't have one either. It has two levels: mortal and God. God (i.e., root) can do anything. The problem is that networks make things polytheistic: Should my workstation’s God be able to turn your workstation into a pillar of salt? Well gee, that depends on whether my God and your God are on good terms or maybe are really just the SAME God. This is a deep and important theological question that has puzzled humankind for millennia.

The Sun kernel has a user-patchable cosmology. It contains a polytheism bit called “nobody.” When network file requests come in from root (i.e., God), it maps them to be requests from the value of the kernel variable “nobody” which as distributed is set to -1 which by convention corresponds to no user whatsoever, rather than to 0, the binary representation of God (*). The default corresponds to a basically Greek pantheon in which there are many Gods and they’re all trying to screw each other (both literally and figuratively in the Greek case). However, by using adb to set the kernel variable “nobody” to 0 in the divine boot image, you can move to a Baha’i cosmology in which all Gods are really manifestations of the One Root God, Zero, thus inventing monotheism.

Thus when the manifestation of the divine spirit, binmail, attempts to create a mailbox on a remote server on a monotheistic Unix, it will be able to invoke the divine change-owner command so as to make it profane enough for you to touch it without spontaneously combusting and having your eternal soul damned to hell. On a polytheistic Unix, the divine binmail isn’t divine so your mail file gets created by “nobody” and when binmail invokes the divine change-owner command, it is returned an error code which it forgets to check, knowing that it is, in fact, infallible.

So, patch the kernel on the file server or run sendmail on the server.

-ian

—————————————————————
(*) That God has a binary representation is just another clear indication that Unix is extremely cabalistic and was probably written by disciples of Aleister Crowley.

Not File System Specific? (Not Quite)

The NFS designers thought that they were designing a networked file system that could work with computers running operating systems other than Unix, and work with file systems other than the Unix file system. Unfortunately, they didn’t try to verify this belief before they shipped their initial implementation, thus establishing the protocol as an unchangeable standard. Today we are stuck with it. Although it is true that NFS servers and clients have been written for microcomputers like DOS PCs and Macintoshes, it’s also true that none of them work well.