Re: nis : how to avoid user1 becoming user2 using local root ?
From: Mike Hogsett (hogsett_at_csl.sri.com)
Date: 04/01/04
- Previous message: Gord Philpott: "iptables firewall script for debian-woody, 2.4.24"
- Maybe in reply to: Frank Burkhardt: "Re: nis : how to avoid user1 becoming user2 using local root ?"
- Next in thread: James Lick: "Re: nis : how to avoid user1 becoming user2 using local root ?"
- Reply: James Lick: "Re: nis : how to avoid user1 becoming user2 using local root ?"
- Reply: Frank Burkhardt: "Re: nis : how to avoid user1 becoming user2 using local root ?"
To: focus-linux@securityfocus.com
Date: Thu, 01 Apr 2004 10:10:48 -0800

> to everyone. The problem is the NFS-server trusting UIDs on remote
> computers.

If person-1 is the only one on host-a (e.g. if there is a one to one
mapping between the nfs client and the user) you can perform all_squashing
and anonuid and anongid mapping.

See exports(5)

/etc/exports

    ...
    /home/joe pc001(rw,all_squash,anonuid=150,anongid=100)
    ...

So no matter what UID comes in from the NFS client the NFS server will map
them to another user/group id. So who cares if Joe su's to Mark, from
Joe's machine the NFS server will still treat him as Joe.

Hope this helps.
- Mike
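
An added example, not part of the original message: a small audit of exports(5) entries that reports, per client, whether the server squashes every incoming UID (as in the /home/joe line above) or still trusts the UIDs the client sends. The sample file is constructed apart from that line, the function names are hypothetical, and the parser assumes unquoted paths and no whitespace inside the parentheses.

```python
import re

# Constructed sample; only the /home/joe line comes from the message above.
# The last line has a stray space before "(", the pitfall exports(5) warns about.
SAMPLE_EXPORTS = """\
# constructed /etc/exports for the example
/home/joe     pc001(rw,all_squash,anonuid=150,anongid=100)
/home/mark    pc002(rw) pc003(rw,all_squash)
/srv/scratch  pc004 (rw,no_root_squash)
"""

CLIENT = re.compile(r"^([^\s(]*)(?:\((.*)\))?$")

def uid_policy(optstr):
    """Describe how the server maps UIDs arriving from one client entry."""
    state = {"all_squash": False, "root_squash": True,
             "anonuid": "65534", "anongid": "65534"}  # exports(5) defaults
    for opt in filter(None, optstr.split(",")):      # later options override
        key, _, val = opt.partition("=")
        if key in ("anonuid", "anongid"):
            state[key] = val
        elif key in ("all_squash", "root_squash"):
            state[key] = True
        elif key in ("no_all_squash", "no_root_squash"):
            state[key[3:]] = False
    if state["all_squash"]:
        return f"all squashed to {state['anonuid']}:{state['anongid']}"
    if state["root_squash"]:
        return "client UIDs trusted (root squashed)"
    return "client UIDs trusted (including root)"

def audit(text):
    """Return (path, client, policy) for every client entry in the text."""
    rows = []
    text = text.replace("\\\n", " ")            # join continuation lines
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if not fields:
            continue
        path, clients = fields[0], fields[1:]
        for entry in clients:
            m = CLIENT.match(entry)
            if not m:
                continue
            # An entry with no host name, "(opts)", applies to any client.
            host, optstr = m.group(1) or "*", m.group(2) or ""
            rows.append((path, host, uid_policy(optstr)))
    return rows

if __name__ == "__main__":
    for path, host, policy in audit(SAMPLE_EXPORTS):
        print(f"{path:14}{host:8}{policy}")
```

Any row reported as "client UIDs trusted" is an export where local root on that client can still act as another user by switching UID.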