Control: tags -1 security

This bug is a security issue, as noted by Stephen Dowdy. While
this won't be a problem for stretch anymore, thanks to the upload of
1.3.4-1, it remains a problem for jessie.
There are three categories of use cases allowing file access
on the server beyond the limits of the export specifications. I will
highlight these by example, as I have documented the generic
conditions in my original bug report:

1. server1 with /etc/exports:
     /path/to/export -no_root_squash client1(root_squash)
   will allow client1 to access /path/to/export on server1 as root user.

2. server2 with /etc/exports:
     /path/to/export -async client2(all_squash)
   will allow client2 to access /path/to/export on server2 as any non-root
   uid/gid, instead of anonuid/anongid being used.

3. server3 with /etc/exports:
     /path/to/export -rw client3(ro)
   will allow client3 to write to any files in /path/to/export on server3,
   if filesystem permissions on the server allow this for the connecting
   uid/gid.

Regards
  Martin B
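
An audit sketch for the three patterns in the message above, added here as an example (it is not part of the original message or of nfs-utils): it flags /etc/exports entries where a dash-prefixed default option list is combined with a per-client root_squash, all_squash or ro. The matching rules are an assumption generalized from those three examples only, since the generic conditions are in the original bug report and not on this page; the function names and the last two sample lines are constructed.

```python
import re

# Per-client option -> condition on the default ("-") option set.
# Assumption: these rules mirror only the three examples in the message.
RISKY = {
    "root_squash": lambda d: "no_root_squash" in d,  # example 1
    "all_squash": lambda d: bool(d),                 # example 2: any default list
    "ro": lambda d: "rw" in d,                       # example 3
}
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")

# First three lines are the exports from the message; the rest are constructed.
SAMPLE = """\
/path/to/export -no_root_squash client1(root_squash)
/path/to/export -async client2(all_squash)
/path/to/export -rw client3(ro)
# constructed control entries: no default option list / no matching pair
/srv/data client4(ro,root_squash)
/srv/logs -sync client5(ro)
"""

def parse_exports(text):
    """Return [(path, default_opts, [(client, opts)])]; quoted paths unsupported."""
    entries = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.split("#", 1)[0].strip()             # drop comments
        if not line:
            continue
        path, *tokens = line.split()
        defaults, clients = set(), []
        for tok in tokens:
            if tok.startswith("-"):                      # default option list
                defaults.update(o for o in tok[1:].split(",") if o)
            elif (m := CLIENT_RE.match(tok)):
                opts = {o for o in (m.group(2) or "").split(",") if o}
                clients.append((m.group(1), opts))
        entries.append((path, defaults, clients))
    return entries

def audit(text):
    """Return (path, client, option) for each per-client option to review."""
    return [(path, client, opt)
            for path, defaults, clients in parse_exports(text)
            for client, opts in clients
            for opt, hit in RISKY.items() if opt in opts and hit(defaults)]

if __name__ == "__main__":
    for path, client, opt in audit(SAMPLE):
        print(f"{path}: {client} sets {opt!r} alongside default options; verify on jessie")
```

An entry that is not flagged has only failed to match these three patterns; it has not been shown to be unaffected.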
