Re: NFS Security Question

From: Neil Dickey (neil@geol.niu.edu)
Date: 08/13/01


Message-Id: <200108132003.PAA02167@shiloh.geol.niu.edu>
Date: Mon, 13 Aug 2001 15:03:57 -0500 (CDT)
From: Neil Dickey <neil@geol.niu.edu>
Subject: Re: NFS Security Question
To: focus-sun@securityfocus.com


McGee Olson <molson@crystal.cirrus.com> wrote asking:

>So, the scenario goes like this. You have two users "joe" and "bob".
>You have two machines "foo" and "bar". "foo" and "bar" both satisfy
>(3) and (4) above, and each has a different root password. "joe" has
>root on "foo", and "bob" has root on "bar". "joe" logs in as root on
>"foo", and then he executes the line "su - bob". Now, "joe" is logged
>in as "bob" and has all the permissions associated with the "bob"
>account.
>
>Is there any way to stop this from happening?

I don't claim to be an expert, just a sysop for a number of years,
but I don't think there's a way to do that with NFS. We've had a
problem like this that involved violation of AUPs, rather like your
hypothetical situation, and the only fix possible under the
circumstances was to eliminate the NFS connection, among a number of other
things. Briefly stated, the offending machine was isolated from the
rest of our network.

The only other possible solutions, as I see it, are to replace "joe"
with someone you can trust, or get rid of the "su" command, or both.
These options were either not available or were insufficiently secure
in our situation.

If anyone has a better approach, I'd sure like to know it.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115