Closed Reelix closed 3 years ago
As it stands, the check for NFS shares is at level 2 - Which is current reserved for information checks more so than critical ones.
https://github.com/diego-treitos/linux-smart-enumeration/blob/c795112ac530da18f7d357cab5c85650d61f4aeb/lse.sh#L816-L819
The thing is that NFS can easily be misconfigured
https://book.hacktricks.xyz/linux-unix/privilege-escalation/nfs-no_root_squash-misconfiguration-pe
I suggest that either this be elevated to level 1, or an additional level 1 / level 0 check be added for cases where the NFS share specifically contains the no_root_squash permission.
no_root_squash
The no_root_squash definitely needs a level 0. I will probably add also no_all_squash as a level 1.
no_all_squash
Thank you for reporting this.
I am working on it.
Resolved in version 3.4
3.4
As it stands, the check for NFS shares is at level 2 - Which is current reserved for information checks more so than critical ones.
https://github.com/diego-treitos/linux-smart-enumeration/blob/c795112ac530da18f7d357cab5c85650d61f4aeb/lse.sh#L816-L819
The thing is that NFS can easily be misconfigured
https://book.hacktricks.xyz/linux-unix/privilege-escalation/nfs-no_root_squash-misconfiguration-pe
I suggest that either this be elevated to level 1, or an additional level 1 / level 0 check be added for cases where the NFS share specifically contains the
no_root_squash
permission.