NFS Access by Managed Hosts

Identity

IP address.

Authentication

Host - None. The IP address is presumed trustworthy, which is a serious vulnerability as it might allow a villain using a spoofed IP address to retrieve sensitive data. Notably, if a managed host is enabled for initial installation, a villain might be able to retrieve a Solaris Flash archive.

User - Weak. The target is assumed trustworthy. A villain with superuser privileges on the target can retrieve potentially sensitive data.

Authorization

By IP address, using NFS share restrictions.

By standard file access controls.

Confidentiality

None, which is a serious vulnerability, as on initial installation it might allow a villain to snoop retrieval of a Solaris Flash archive.

Integrity

None, which is a serious vulnerability as it might allow productive corruption attacks on both initial installation and update.

Availability

Flood attacks and corruption attacks might disrupt service.

Accountability

None.