Re: NFS Security QuestionFrom: Matthew Collins (firstname.lastname@example.org)
- Previous message: Stuart Flisher: "RE: SunScreen Lite vs. IPF."
- In reply to: Nieusma, Jeff: "RE: NFS Security Question"
- Next in thread: Darren Moffat: "RE: NFS Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 14 Aug 2001 13:08:11 +0100 From: Matthew Collins <email@example.com> To: "Nieusma, Jeff" <firstname.lastname@example.org> Subject: Re: NFS Security Question Message-ID: <20010814130811.A386@keg.zymurgy.org>
On Mon, Aug 13, 2001 at 02:31:35PM -0700, Nieusma, Jeff wrote:
> One way to deal with that is don't give anyone the root password on any of
> your machines. Use sudo to give people root access. Create a policy that
> says people cannot become root (sudo su, sudo csh, sudo ksh, etc...) or any
> other user without permission, they will be subject to disciplinary actions
> up to, and including, termination. Then setup syslog on all your machines to
> log to a limited access system, and review your logs.
While people are suggesting this as a solution to your stated problem - that
of su abuse via root to another uid - as Darren has pointed out it doesnt
address your fundamental concern.
If you do not secure your NFS layer a "malicious" user, or a user willingly
defying AUP's even without genuine malice, can bypass your security model
entirely. The "standard" NFS model works on host based trust; the protocol
does not perform authentication of a UID, it merely believes that if a packet
comes from a host permitted to mount a share and claims to be UID "joe" then
it is in fact UID "joe". There are downloadable tools that will quite happily
send out NFS protocol connections with bogus UID info that has no requirement
for you to actually be that UID on the client system.
While there are ways of addressing this, to a degree, via priviledged port
control, etc, the long and short of it is as follows:
To use NFS/NIS securely you need to secure the RPC layer. I would suggest
following Darrens advice if your filesystem security is of any real concern
to you or your company.
Of course, sudo is still useful for all sorts of other issues; it just
doesnt address this one particularly well.