NFS can create security issues for NFS clients as well as for NFS servers. Because the files that a client mounts appear in the client’s filesystem, an attacker who is able to modify mounted files can directly compromise the client’s security.

The primary system that NFS uses for authenticating servers is based on IP host addresses and hostnames. NFS packets are not encrypted or digitally signed in any way. Thus, an attacker can spoof an NFS client either by posing as an NFS server or by changing the data that is en route between a server and the client. In this way, an attacker can force a client machine to run any NFS-mounted executable. In practice, this ability can give the attacker complete control over an NFS client machine.

At mount time, the Unix mount command allows the client system to specify whether SUID files on the remote filesystem will be honored as such. This capability is one of the reasons that the mount command requires superuser privileges to execute. If you provide facilities to allow users to mount their own filesystems (including NFS filesystems as well as filesystems on floppy disks), you should make sure that the facility specifies the nosuid option. Otherwise, users might mount a disk that has a specially prepared SUID program that could cause you some headaches later on.

It’s also wise to avoid mounting device files from the server. The nodev option to mount, if available, prevents character and block special devices from being ...