Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: NFS security issues with lockd and statd
Special Forums Cybersecurity NFS security issues with lockd and statd Post 78 by onceagain on Wednesday 11th of October 2000 06:36:50 PM
Old 10-11-2000
Question
We are trying to implement a NAS solution with UNIX servers and multiple networks, and I've heard that NFS has security issues with lockd and statd.

The security issue as it was explained to me is that these services are subject to vulnerabilities/exploits, and that users who connect to Unix servers through a VPN can exploit the lockd/statd services, and then compromise another user, i.e., go out another VPN to another network.

Can someone explain this further?
 

9 More Discussions You Might Find Interesting

1. AIX

Problem with NFS & rpc.lockd-Help Needed

We have windows clients that access drawing files shared from our AIX server using NFS. The Windows clients are intermittently unable to open files or access the system. For some reason restarting the rpc.lockd temporarily resolves the problem. However, that is the only clue I have to what the... (1 Reply)
Discussion started by: theologic
1 Replies

2. Solaris

How to Implement NFS Security in Sun Solaris 9

How to implement NFS Security in server where filesystem is configured as NFS & AutoFS? Any special patch need to be applied? What are the procedures? (1 Reply)
Discussion started by: KhawHL
1 Replies

3. Red Hat

Issues with LDAP user/group permissions on NFS share

I can't seem to make sense of this. $ cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.2 Beta (Tikanga) $ $ mount /dev/sda2 on / type ext3 (rw) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) /dev/sda1 on... (6 Replies)
Discussion started by: dfinn
6 Replies

4. Homework & Coursework Questions

Security issues with universal access of file

Use and complete the template provided. The entire template must be completed. If you don't, your post may be deleted! 1. The problem statement, all variables and given/known data: If you look at the permissions associated with a symbolic link, it has universal access. Does this lead to... (0 Replies)
Discussion started by: linux17
0 Replies

5. UNIX for Advanced & Expert Users

nfs mount permission issues

Hello, We have some new application requirements that require us to use nfs mounts from aix 5.3 and mount to Oracle Linux 5.6. Do you know why when on the destination ( linux ) box, the root user cannot access directories made by other users in the nfs mounted filesystem ? I read that there... (0 Replies)
Discussion started by: fwellers
0 Replies

6. BSD

FreeBSD AMD NFS over TCP issues

Hi! I have a major issue with FreeBSD 7.1 i386. We did a change in our Unix env where we exchanged home storage from a NetAPP running udp to a NetAPP running tcp. Now I cant mount homedirs since NFS/AMD seem to fallback to udp :( Trying to force it with amd options nfs_proto=tcp and so on. ... (0 Replies)
Discussion started by: Esaia
0 Replies

7. HP-UX

SFU and NFS issues

Hi, I support a small lab of older HP UX 9 and 10 boxes. We have some older NT 4.0 machines at each UX box, with a old ZFS Server programs hosting two mounted directories. (Each UX and NT machine is on its own private network via crossover cable). Due to hardware failure/support EOL on NT, I have... (3 Replies)
Discussion started by: the spyder
3 Replies

8. UNIX for Advanced & Expert Users

Cron security issues?

Does the use of cron (HP-UX 11) present a security risk IF it is only given to accounts which have shell access anyway. If it does present a risk, what is the risk? Can a script (or command) run via cron; run anything, write anywhere or read anywhere that the same user can not do outside of... (2 Replies)
Discussion started by: eileenkeeney
2 Replies

9. Red Hat

NFS mount issues

Hi Experts, I have been using Linux (Redhat server 5.6) as a NFS server and it is mounted to 4 linux (SUSE) servers for storing the db logs. I added an entry in fstab in all my 4 clients to make sure the mount is available all the time. but unfortunately the mount is not showing in servers after... (6 Replies)
Discussion started by: sarav
6 Replies

LEARN ABOUT XFREE86

statd

statd(1M)						  System Administration Commands						 statd(1M)

NAME

       statd - network status monitor

SYNOPSIS

       /usr/lib/nfs/statd

DESCRIPTION

       statd  is  an  intermediate  version of the status monitor. It interacts with lockd(1M) to provide the crash and recovery functions for the
       locking services on NFS. statd keeps track of the clients with processes which hold locks on a server. When  the  server  reboots  after  a
       crash,  statd  sends  a message to the statd on each client indicating that the server has rebooted. The client statd processes then inform
       the lockd on the client that the server has rebooted. The client lockd then attempts to reclaim the lock(s) from the server.

       statd on the client host also informs the statd on the server(s) holding locks for the client when the client has rebooted. In  this  case,
       the  statd on the server informs its lockd that all locks held by the rebooting client should be released, allowing other processes to lock
       those files.

       lockd is started by automountd(1M), mount_nfs(1M), and share(1M) if NFS automounts are needed.

FILES

       /var/statmon/sm			       lists hosts and network addresses to be contacted after a reboot

       /var/statmon/sm.bak		       lists hosts and network addresses that could not be contacted after last reboot

       /var/statmon/state		       includes a number which changes during a reboot

       /usr/include/rpcsvc/sm_inter.x	       contains the rpcgen source code for the interface services provided by the statd daemon.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWnfscu 		   |
       +-----------------------------+-----------------------------+

SEE ALSO

       svcs(1), automountd(1M), lockd(1M), mount_nfs(1M), share(1M), svcadm(1M), attributes(5), smf(5)

       System Administration Guide: IP Services

NOTES

       The crash of a server is only detected upon its recovery.

       The statd service is managed by the service management facility, smf(5), under the service identifier:

       svc:/network/nfs/status

       Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed  using  svcadm(1M).  The  ser-
       vice's status can be queried using the svcs(1) command.

       If  it  is disabled, it will be enabled by mount_nfs(1M), share_nfs(1M), and automountd(1M) unless  its	     application/auto_enable prop-
       erty is set to false.

SunOS 5.10							    18 Nov 2004 							 statd(1M)
All times are GMT -4. The time now is 12:43 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy