Basically, if you have SGI NFS clients mounting filesystems from
SGI NFS servers with "root-as-nobody" access (access= entry, but
no root= entry), you can open() any regular file from the NFS
client. You can't read it, but you can open it. Once you've
opened it, this tends to corrupt the kernel file tables. Often
this results in the following possibilities:
- Root on the client can now read the file.
- No one else can access the file.
This continues until the machine is rebooted, thus it's most likely
only a problem in the SGI NFS client side of the software.
SGI did finally create Bug #465954, but I've been told that it's
unlikely that it'll be fixed anytime soon.
SGI's only response has been the following:
"The only workaround at this time for Bug #465954 is to specify
the root= option in /etc/exports. One of our lead engineer has
stated in the bug report that this does not cause a security problem,
so it should be safe for you to implement."
The only useful workaround I've been able to determine is to make
sure that any non-"root-as-nobody"-readable files are located in
directories that are also not accessible by "root-as-nobody" so
that this condition never pops up.
-- Mike Kienenberger Arctic Region Supercomputing Center Systems Analyst (907) 474-6842 mkienenb@arsc.edu http://www.arsc.edu