Web lists-archives.com

Re: NFS client and untrusted server




On Fri, Nov 24, 2017 at 10:28:27PM +0100, Chris wrote:
> All,
> 
> I want to backup a DMZ-server to an internal backup server.
> 
> Is it reasonable to setup an NFS-server in the DMZ and mount it from
> the inside server using the read-only, noexec and nosuid options? Could
> an attacker gain access to the internal server this way?
> 
> Does anyone use such a setup?
> 
> internal Server ---------------> DMZ
> (NFS-Client)			(NFS-Server)
> 
NFS is a very old protocol that very likely has as yet undiscovered
vulnerabilities.  I would expect that the likelihood of there being even
a theoretical vulnerability that would allow a malicous user on the
server to gain access to a client would be very low.

However, I think you are going about this all wrong.  A backup script or
program would have to touch/examine every file to determine its age, MD5
sum, or whatever other feature drives the backup/no-backup decision.
NFS is actually a terrible protocol for this sort of thing.

You are almost certainly better off creating a backup user on the DMZ
machine, setting its shell to something like rsync-only (check out the
rssh package, for example), and then using something like rsnapshot (my
personal favorite) or another rsync-based backup script/program.

That is likely to be more secure and I can practically guarantee it will
have better performance.

Regards,

-Roberto

-- 
Roberto C. Sánchez