Re: NFS client and untrusted server
- Date: Fri, 24 Nov 2017 21:44:56 -0500
- From: Roberto C. Sánchez <roberto@xxxxxxxxxx>
- Subject: Re: NFS client and untrusted server
On Fri, Nov 24, 2017 at 10:28:27PM +0100, Chris wrote:
> I want to backup a DMZ-server to an internal backup server.
> Is it reasonable to setup an NFS-server in the DMZ and mount it from
> the inside server using the read-only, noexec and nosuid options? Could
> an attacker gain access to the internal server this way?
> Does anyone use such a setup?
> internal Server ---------------> DMZ
> (NFS-Client) (NFS-Server)
NFS is a very old protocol that very likely has as yet undiscovered
vulnerabilities. I would expect that the likelihood of there being even
a theoretical vulnerability that would allow a malicous user on the
server to gain access to a client would be very low.
However, I think you are going about this all wrong. A backup script or
program would have to touch/examine every file to determine its age, MD5
sum, or whatever other feature drives the backup/no-backup decision.
NFS is actually a terrible protocol for this sort of thing.
You are almost certainly better off creating a backup user on the DMZ
machine, setting its shell to something like rsync-only (check out the
rssh package, for example), and then using something like rsnapshot (my
personal favorite) or another rsync-based backup script/program.
That is likely to be more secure and I can practically guarantee it will
have better performance.
Roberto C. Sánchez