Re: nis : how to avoid user1 becoming user2 using local root ?

From: Nick Lopez (securityfocus_at_glowingmonkey.org)
Date: 03/28/04

  • Next message: Brian Hatch: "Re: nis : how to avoid user1 becoming user2 using local root ?"
    Date: Sat, 27 Mar 2004 16:29:25 -0700
    To: focus-linux@securityfocus.com
    
    

    On Fri, Mar 26, 2004 at 04:58:06PM -0500, Frédéric Médery wrote:
    > our situation :
    > All linux servers, all nfs share use the root_squash option.
    > We're using NIS
    > All developers can become root on their local machines.
    >
    > The prob : if user1 does a `su -` on their station. And then, `su user2`
    > they can become user2.
    >
    > For me it's a huge problem (Windows doesn't have this prob, local admin
    > are very different from domain/server admin) is there a way to avoid
    > this prob ?
      Several, starting with using something besides NFS, like CIFS with unix
    extensions, AFS, or maybe NFSv4 though I haven't checked on how well the
    daemons work. Or, you could just not give untrusted users the powers of
    god. Fix filesystem permissions so they have access to what they need and
    sudo access to anything that can't be fixed with mere filesystem rights.

      You can also set them up with UML (User Mode Linux) to test their
    root-needing things. It gives them full control of the virtual system
    without giving them any rights to the real system.

      - Nick Lopez
        spamtrap@glowingmonkey.org

      -- Randomly selected signature --
    <>< As a computer I find your faith in technology amusing.


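An added example, not part of the original post: a small audit of `/etc/exports` for the setup described in this thread, where `root_squash` remaps only UID 0 and so does nothing about a client whose local root switches to another user's UID. It flags entries that accept the default `sec=sys` flavour or set `no_root_squash`; the sample file, host names and the `audit` helper are constructed for illustration, and the parser covers only the common `path client(options)` form.

```python
import re

# Constructed sample /etc/exports (hosts and paths are illustrative).
SAMPLE_EXPORTS = """\
# home directories for developer workstations
/export/home    192.0.2.0/24(rw,root_squash,sync)
/export/build   devbox*.example.org(rw,sync,no_root_squash) \\
                buildsrv.example.org(rw,sec=krb5p,sync)
/export/docs    *(ro,sec=krb5:sys)
"""

# One client entry: "client(opt,opt)" or a bare "client" with default options.
ENTRY = re.compile(r"(?P<client>[^\s()]*)\((?P<opts>[^)]*)\)|(?P<bare>\S+)")

def parse_exports(text):
    """Yield (path, client, options) per client entry of exports(5) text."""
    text = re.sub(r"\\\n", " ", text)            # join continuation lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()     # drop comments
        if not line:
            continue
        parts = line.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
        for m in ENTRY.finditer(rest):
            if m.group("bare"):
                yield parts[0], m.group("bare"), []
            else:
                yield parts[0], m.group("client"), m.group("opts").split(",")

def audit(text):
    """Return (path, client, reasons) for exports that trust the client host."""
    findings = []
    for path, client, opts in parse_exports(text):
        flavours = ["sys"]                       # default when sec= is absent
        for opt in opts:
            if opt.startswith("sec="):
                flavours = opt[4:].split(":")
        reasons = []
        if "sys" in flavours:
            reasons.append("sec=sys: server trusts client-supplied UIDs")
        if "no_root_squash" in opts:
            reasons.append("no_root_squash: client root is root on the export")
        if reasons:
            findings.append((path, client or "(any host)", reasons))
    return findings

if __name__ == "__main__":
    for path, client, reasons in audit(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: " + "; ".join(reasons))
```

On the sample, the `root_squash` home export is still flagged, while the `sec=krb5p` entry is not, because there the server identifies the user from a Kerberos credential rather than from the UID the workstation reports.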