NFS & security (was Re: Complex security mechanism is unsecure)
Anton Rang
rang at cs.wisc.edu
Mon Dec 17 05:11:37 AEST 1990
In article <4088 at osc.COM> strick at osc.com (henry strickland) writes:
>In the normal NFS setup, making myself root on a workstation does not
>give me root privileges on the filesystem of a remote NFS server
>which I can mount the partitions of. [ ... ] Now if any of these
>non-root users owns (or groups has w bits on) some file in the PATH
>of root (or one of the directories or superdirectories in the PATH),
>the trojan horse can ride.
Does Sun still install their OS distributions with directories owned
by bin? This one bit me once, before I realized how easy it was to
spoof the YP "authentication" (netgroups stuff) which was being used
to "restrict" (ha!) people from mounting our servers.... Sigh.
Anton
+---------------------------+------------------+-------------+
| Anton Rang (grad student) | rang at cs.wisc.edu | UW--Madison |
+---------------------------+------------------+-------------+
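An audit for the exposure discussed in this thread, added here as an example and not part of the original posts: it walks every directory in a PATH value, each of its parent directories, and the files inside it, and reports anything that is owned by a non-trusted uid (a directory owned by bin, for instance) or is group- or world-writable. The function names and the default trusted set of uid 0 are assumptions made for this example.

```python
import os
import stat

def ancestors(path):
    """Yield the resolved path and every parent directory up to the root."""
    path = os.path.realpath(path)
    while True:
        yield path
        parent = os.path.dirname(path)
        if parent == path:
            return
        path = parent

def check(path, trusted_uids):
    """Return the reasons an untrusted user could replace or modify path."""
    st = os.lstat(path)
    reasons = []
    if st.st_uid not in trusted_uids:
        reasons.append("owner uid %d" % st.st_uid)
    if not stat.S_ISLNK(st.st_mode):  # mode bits on a symlink carry no meaning
        if st.st_mode & stat.S_IWGRP:
            reasons.append("group-writable")
        if st.st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
    return reasons

def audit_path(path_value, trusted_uids=frozenset({0})):
    """Map each risky path reachable through path_value to its reasons."""
    findings = {}
    for entry in path_value.split(os.pathsep):
        if not entry or not os.path.isabs(entry):
            # An empty or relative entry resolves against the current directory.
            findings[entry or "(empty)"] = ["relative PATH entry"]
            continue
        if not os.path.isdir(entry):
            continue
        real = os.path.realpath(entry)
        targets = list(ancestors(real))
        targets += [os.path.join(real, name) for name in os.listdir(real)]
        for target in targets:
            try:
                reasons = check(target, trusted_uids)
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if reasons:
                findings[target] = reasons
    return findings

if __name__ == "__main__":
    for p, why in sorted(audit_path(os.environ.get("PATH", "")).items()):
        print("%s: %s" % (p, ", ".join(why)))
```

Run it with root's PATH on the machine whose root account would execute the binaries; on an NFS-mounted tree the uids reported are the ones the server stores.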
More information about the Comp.unix.internals
mailing list