Complex security mechanism is unsecure (was Re: non-superuser chown(2)s considered harmful)

[Kristoffer Eriksson]

In article <4088 at osc.COM> strick at osc.com (henry strickland) writes:
>In article <4627 at pkmab.se> ske at pkmab.se (Kristoffer Eriksson) writes:
 >>But that is fairly easy to prevent for a non-user account. Just make it
 >>impossible to login to that account.
 >
 >Nope.  In a great many NFS networks today it's not too hard to find one
 >workstation on which you can make yourself root.

I thought we already new that NFS was a horrid mess as regards to security.
Fix NFS! (Or throw it out) Don't throw out good security features.

-- 
Kristoffer Eriksson, Peridot Konsult AB, Hagagatan 6, S-703 40 Oerebro, Sweden
Phone: +46 19-13 03 60  !  e-mail: ske at pkmab.se
Fax:   +46 19-11 51 03  !  or ...!{uunet,mcsun}!sunic.sunet.se!kullmar!pkmab!ske