NFS Security Question
From: McGee Olson (molson@crystal.cirrus.com)Date: 08/13/01
- Previous message: Valerie Anne Bubb: "Re: SunScreen Lite vs. IPF."
- Next in thread: Neil Dickey: "Re: NFS Security Question"
- Reply: Neil Dickey: "Re: NFS Security Question"
- Reply: Darren Moffat: "Re: NFS Security Question"
- Reply: Chuck Davis: "Re: NFS Security Question"
- Reply: Devey, Rick J.: "RE: NFS Security Question"
- Reply: Hal Flynn: "Re: NFS Security Question"
- Reply: Nieusma, Jeff: "RE: NFS Security Question"
- Reply: Darren Moffat: "RE: NFS Security Question"
- Reply: Darren Moffat: "Re: NFS Security Question"
- Reply: Jan-Philip Velders: "Re: NFS Security Question"
- Reply: Darren Moffat: "Re: NFS Security Question"
- Reply: Darren Moffat: "Re: NFS Security Question"
- Reply: Matthew Collins: "Re: NFS Security Question"
- Reply: Ryan Russell: "Re: NFS Security Question"
- Reply: Neil Dickey: "Re: NFS Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200108131706.MAA19040@csparc332.crystal.cirrus.com> Date: Mon, 13 Aug 2001 12:06:49 -0500 (CDT) From: McGee Olson <molson@crystal.cirrus.com> Subject: NFS Security Question To: focus-sun@securityfocus.com
Hello,
I have been looking for information on securing NFS with respect to root su
abilities. I have read the NFS FAQ at nfs.sourceforge.net and am not entirely
sure of what they said.
Here is an example of what I am trying to figure out:
1) You have an NIS server providing logins & passwords
2) You have an NFS server which houses user directories
3) Each workstation authenticates via NIS
4) Each workstation mounts the home directories via NFS
So, the scenario goes like this. You have two users "joe" and "bob".
You have two machines "foo" and "bar". "foo" and "bar" both satisfy
(3) and (4) above, and each has a different root password. "joe" has
root on "foo", and "bob" has root on "bar". "joe" logs in as root on
"foo", and then he executes the line "su - bob". Now, "joe" is logged
in as "bob" and has all the permissions associated with the "bob"
account.
Is there anyway to stop this from happening?
Thanks,
McGee
-- McGee Olson System Administrator, CAD Systems Cirrus Logic - Austin
- Previous message: Valerie Anne Bubb: "Re: SunScreen Lite vs. IPF."
- Next in thread: Neil Dickey: "Re: NFS Security Question"
- Reply: Neil Dickey: "Re: NFS Security Question"
- Reply: Darren Moffat: "Re: NFS Security Question"
- Reply: Chuck Davis: "Re: NFS Security Question"
- Reply: Devey, Rick J.: "RE: NFS Security Question"
- Reply: Hal Flynn: "Re: NFS Security Question"
- Reply: Nieusma, Jeff: "RE: NFS Security Question"
- Reply: Darren Moffat: "RE: NFS Security Question"
- Reply: Darren Moffat: "Re: NFS Security Question"
- Reply: Jan-Philip Velders: "Re: NFS Security Question"
- Reply: Darren Moffat: "Re: NFS Security Question"
- Reply: Darren Moffat: "Re: NFS Security Question"
- Reply: Matthew Collins: "Re: NFS Security Question"
- Reply: Ryan Russell: "Re: NFS Security Question"
- Reply: Neil Dickey: "Re: NFS Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
