From e48ae9d9564ddcadc05f3535328e55346a939d59 Mon Sep 17 00:00:00 2001 From: hubertf Date: Thu, 8 Oct 1998 14:47:02 +0000 Subject: NFS security verification suite --- security/nfsbug/patches/patch-aa | 40 +++++++++++ security/nfsbug/patches/patch-ab | 139 +++++++++++++++++++++++++++++++++++++++ security/nfsbug/patches/patch-ac | 24 +++++++ security/nfsbug/pkg/COMMENT | 1 + security/nfsbug/pkg/DESCR | 10 +++ security/nfsbug/pkg/PLIST | 2 + 6 files changed, 216 insertions(+) create mode 100644 security/nfsbug/patches/patch-aa create mode 100644 security/nfsbug/patches/patch-ab create mode 100644 security/nfsbug/patches/patch-ac create mode 100644 security/nfsbug/pkg/COMMENT create mode 100644 security/nfsbug/pkg/DESCR create mode 100644 security/nfsbug/pkg/PLIST (limited to 'security/nfsbug') diff --git a/security/nfsbug/patches/patch-aa b/security/nfsbug/patches/patch-aa new file mode 100644 index 00000000000..2c03eee1966 --- /dev/null +++ b/security/nfsbug/patches/patch-aa @@ -0,0 +1,40 @@ +--- Makefile.orig Fri Feb 17 06:57:26 1995 ++++ Makefile Mon Sep 28 17:44:50 1998 +@@ -1,21 +1,33 @@ +-CC=cc +-#CFLAGS=-g -I. -DSVR4 ++CC=gcc ++CFLAGS=-O2 -I. ++#CFLAGS=-ggdb -I. -DSVR4 -w + #LIBS=-lsocket -lnsl -L/usr/ucblib -lucb -lresolv +-CFLAGS=-ggdb -I. ++#LIBS=-lsocket -lnsl -lresolv ++#CFLAGS=-ggdb -I. + LIBS= + NFSBUG_SOURCES=mount_clnt.c mount_xdr.c nfs_prot_clnt.c nfs_prot_xdr.c nfsbug.c + NFSBUG_OBJECTS=mount_clnt.o mount_xdr.o nfs_prot_clnt.o nfs_prot_xdr.o nfsbug.o ++NFSSHELL_SOURCES=nfsshell.c nfs_prot_clnt.c nfs_prot_xdr.c mount_clnt.c mount_xdr.c ++NFSSHELL_OBJECTS=nfsshell.o nfs_prot_clnt.o nfs_prot_xdr.o mount_clnt.o mount_xdr.o + RPCGEN_MOUNT= mount.h mount_clnt.c mount_svc.c mount_xdr.c + RPCGEN_NFS_PROT= nfs_prot.h nfs_prot_clnt.c nfs_prot_svc.c nfs_prot_xdr.c + ++all: nfsbug nfsshell ++ ++nfsshell: ${NFSSHELL_OBJECTS} ++ $(CC) ${CFLAGS} -o nfsshell $(NFSSHELL_OBJECTS) $(LIBS) ++ ++${NFSSHELL_OBJECTS}: ${NFSSHELL_SOURCES} ++ + nfsbug: $(NFSBUG_OBJECTS) +- $(CC) -g -o nfsbug $(NFSBUG_OBJECTS) $(LIBS) ++ $(CC) ${CFLAGS} -o nfsbug $(NFSBUG_OBJECTS) $(LIBS) + + lint: $(NFSBUG_SOURCES) + lint $(NFSBUG_SOURCES) + + clean: + rm -f nfsbug $(NFSBUG_OBJECTS) $(RPCGEN_MOUNT) $(RPCGEN_NFS_PROT) core ++ rm -f ${NFSSHELL_OBJECTS} + + $(RPCGEN_MOUNT):; rpcgen mount.x + $(RPCGEN_NFS_PROT):; rpcgen nfs_prot.x diff --git a/security/nfsbug/patches/patch-ab b/security/nfsbug/patches/patch-ab new file mode 100644 index 00000000000..13e22c2c765 --- /dev/null +++ b/security/nfsbug/patches/patch-ab @@ -0,0 +1,139 @@ +--- nfsshell.c.orig Mon Sep 28 15:54:36 1998 ++++ nfsshell.c Mon Sep 28 15:57:22 1998 +@@ -1,3 +1,4 @@ ++/* URL: http://www.asmodeus.com/archive/Xnix/nfsShell */ + /* + * Copyright, 1991, 1992, by Leendert van Doorn (leendert@cs.vu.nl) + * +@@ -21,14 +22,19 @@ + #include + #include + #include +-#include ++/* #include *//*HF*/ + #include + #include + #include +-#include ++#include /*HF: NetBSD*/ ++/* #include *//*HF: Solaris*/ ++#include + #include "mount.h" + #include "nfs_prot.h" + ++int getline(char *buf, int bufsize, int *argc, char **argv, int argvsize); ++ ++ + /* + * Fundamental constants + */ +@@ -284,8 +290,11 @@ + register char *p; + + if (interact) printf("nfs> "); +- if (fgets(buf, bufsize, stdin) == NULL) ++ if (fgets(buf, bufsize, stdin) == NULL){ ++ perror("fgets"); ++ fprintf(stderr,"EOF?!\n"); + return 0; ++ } + *argc = 0; + for (p = buf; *p == ' ' || *p == '\t'; p++) + /* skip white spaces */; +@@ -340,7 +349,7 @@ + *var = argc == 2 ? atoi(argv[1]) : -2; + if (nfsclient && nfsclient->cl_auth) { + auth_destroy(nfsclient->cl_auth); +- nfsclient->cl_auth = authunix_create_default(uid, gid); ++ nfsclient->cl_auth = MYauthunix_create_default(uid, gid); + } + } + +@@ -509,8 +518,7 @@ + /* + * Print long listing of a files, much in the way ``ls -l'' does + */ +-printfilestatus(name) +- char *name; ++printfilestatus(char *name) + { + diropargs args; + diropres *res; +@@ -1160,7 +1168,7 @@ + return 0; + } + clnt_control(nfsclient, CLSET_TIMEOUT, &timeout); +- nfsclient->cl_auth = authunix_create_default(uid, gid); ++ nfsclient->cl_auth = MYauthunix_create_default(uid, gid); + + /* provide some generic name for it */ + if ((mountpath = malloc(8 + 1)) == NULL) { +@@ -1235,7 +1243,7 @@ + *var = 0x00100000; + if (nfsclient && nfsclient->cl_auth) { + auth_destroy(nfsclient->cl_auth); +- nfsclient->cl_auth = authunix_create_default(uid, gid); ++ nfsclient->cl_auth = MYauthunix_create_default(uid, gid); + } + /* + * Put in some type of code here +@@ -1493,7 +1501,7 @@ + return 0; + } + clnt_control(mntclient, CLSET_TIMEOUT, &timeout); +- mntclient->cl_auth = authunix_create_default(0, 0); ++ mntclient->cl_auth = MYauthunix_create_default(0, 0); + if (verbose) + printf("Open %s (%s)\n", + remotehost, inet_ntoa(server_addr.sin_addr)); +@@ -1540,7 +1548,7 @@ + return 0; + } + clnt_control(nfsclient, CLSET_TIMEOUT, &timeout); +- nfsclient->cl_auth = authunix_create_default(uid, gid); ++ nfsclient->cl_auth = MYauthunix_create_default(uid, gid); + + /* + * Get file handle for this path from the mount daemon. There +@@ -1634,7 +1642,7 @@ + return RPC_ANYSOCK; + for (;;) { + sin.sin_port = htons((u_short)lport); +- if (bind(s, (caddr_t)&sin, sizeof (sin), 0) >= 0) { ++ if (bind(s, (caddr_t)&sin, sizeof (sin)/*, 0*//*HF*/) >= 0) { + (void)ioctl(s, FIONBIO, (char *) &dontblock); + if (verbose) + fprintf(stderr, "Using a privileged port (%d)\n", lport); +@@ -1672,14 +1680,14 @@ + * syscalls. + */ + AUTH * +-authunix_create_default(uid, gid) ++MYauthunix_create_default(uid, gid) + int uid, gid; + { + char machname[MAX_MACHINE_NAME + 1]; + int gids[1]; + + if (gethostname(machname, MAX_MACHINE_NAME) == -1) { +- fprintf(stderr, "authunix_create_default: cannot get hostname\n"); ++ fprintf(stderr, "MYauthunix_create_default: cannot get hostname\n"); + exit(1); + } + machname[MAX_MACHINE_NAME] = 0; +@@ -1858,8 +1866,7 @@ + * NFS errors + */ + char * +-nfs_error(nfsstat) +- enum nfsstat nfsstat; ++nfs_error(enum nfsstat nfsstat) + { + switch (nfsstat) { + case NFS_OK: +@@ -1903,4 +1910,3 @@ + } + } + +- +\ No newline at end of file diff --git a/security/nfsbug/patches/patch-ac b/security/nfsbug/patches/patch-ac new file mode 100644 index 00000000000..1f5a1ecb477 --- /dev/null +++ b/security/nfsbug/patches/patch-ac @@ -0,0 +1,24 @@ +--- nfsbug.c.orig Mon Sep 28 17:45:40 1998 ++++ nfsbug.c Mon Sep 28 17:47:58 1998 +@@ -25,16 +25,18 @@ + #include + #include + #include +-#include + #include + #include +-#include +-#include ++#include + #ifdef SVR4 + #include + #else + #ifndef HPUX ++#ifdef __NetBSD__ ++#include ++#else + #include ++#endif + #endif + #endif + diff --git a/security/nfsbug/pkg/COMMENT b/security/nfsbug/pkg/COMMENT new file mode 100644 index 00000000000..3fcbaa93f23 --- /dev/null +++ b/security/nfsbug/pkg/COMMENT @@ -0,0 +1 @@ +NFS security verification suite diff --git a/security/nfsbug/pkg/DESCR b/security/nfsbug/pkg/DESCR new file mode 100644 index 00000000000..d70e8b8b959 --- /dev/null +++ b/security/nfsbug/pkg/DESCR @@ -0,0 +1,10 @@ +This package consists of two parts, of which the first one ("nfsbug") +verifies a given NFS-server for known bugs like world wide exportable +file systems, determine whether the export list really works, +determine whether we can mount file systems through the portmapper, +try to guess file handles, excercise the mknod bug, and the uid +masking bug. + +The second program ("nfsshell") is included for demonstration purpose +to display the named deficiencies by offering a shell-like interface +to access NFS file systems. diff --git a/security/nfsbug/pkg/PLIST b/security/nfsbug/pkg/PLIST new file mode 100644 index 00000000000..db385889645 --- /dev/null +++ b/security/nfsbug/pkg/PLIST @@ -0,0 +1,2 @@ +bin/nfsbug +bin/nfsshell -- cgit v1.2.3