Re: NIS with local root
From: Wallwork, Nathan (nwallwo@pnm.com)
Date: 01/31/03
- Previous message: Seth Arnold: "Re: NIS with local root"
- Maybe in reply to: Nathan Yocom: "Re: NIS with local root"
- Next in thread: Kevin Jackson: "Re: NIS with local root"
- Reply: Kevin Jackson: "Re: NIS with local root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 31 Jan 2003 14:02:57 -0700 (MST) From: "Wallwork, Nathan" <nwallwo@pnm.com> To: Kevin Jackson <kevin.jackson@genaware.com>
On Fri, 31 Jan 2003, Kevin Jackson wrote:
> If you mean from "if they have physical access to the box and are
> determined, they'll get root anyway" you mean exploit some unpatched
> service on the system -- then you may aswell forget about and type of NFS
> "squash" option altogether! ...as we are in a different territory now.
> See other securityfocus.com mailing lists on that one! ;-)
No, if someone has physical access to a PC they can turn it off,
open the case, short the jumper to clear the BIOS, boot from a
floopy or CD and get root. Securing the services and network won't
help if you allow untrusted users to have unsupervised access [which
is eventually going to happen at some point in any classroom or lab]
to the hardware.
With that in mind, it makes sense to build a solution in which a
person with root access to a machine on the network still cannot
modify another users files.
NFS doesn't get you that.
- Next message: Kevin Jackson: "Re: NIS with local root"
- Previous message: Seth Arnold: "Re: NIS with local root"
- Maybe in reply to: Nathan Yocom: "Re: NIS with local root"
- Next in thread: Kevin Jackson: "Re: NIS with local root"
- Reply: Kevin Jackson: "Re: NIS with local root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
