Re: NFS Security Question

From: Åke Nordin (moose@ecsoft.se)
Date: 08/15/01


Message-Id: <5.0.2.1.2.20010815011030.025f9e80@yams.ecsoft.se>
Date: Wed, 15 Aug 2001 01:41:41 +0200
To: focus-sun@securityfocus.com
From: Åke Nordin <moose@ecsoft.se>
Subject: Re: NFS Security Question


I fail to see how this works...

At 23:40 2001-08-14 +0200, jpv@jpv.xs4all.nl wrote:
> > From: McGee Olson <molson@crystal.cirrus.com>
>
> > Here is an example of what I am trying to figure out:
> > 1) You have an NIS server providing logins & passwords
> > 2) You have an NFS server which houses user directories
> > 3) Each workstation authenticates via NIS
> > 4) Each workstation mounts the home directories via NFS
...
> > So, the scenario goes like this. You have two users "joe" and "bob".
> > You have two machines "foo" and "bar". "foo" and "bar" both satisfy
> > (3) and (4) above, and each has a different root password. "joe" has
> > root on "foo", and "bob" has root on "bar". "joe" logs in as root on
> > "foo", and then he executes the line "su - bob". Now, "joe" is logged
> > in as "bob" and has all the permissions associated with the "bob"
> > account.
...
> > Is there anyway to stop this from happening?
>
>We decided to do it at the NFS layer.
>
>If user 'joe' works on 'foo', his homedirectory is shared to a
>netgroup (which contains hosts for which the root password is only
>known to us, i.e. hosts we 'control'), and for the machine 'foo'.
>
>If the users wishes that his homedirectory is also shared to other
>hosts, he has to request that and explain why he wants his
>homedirectory to be available on another system. (e.g. 'bar', because
>he frequently uses that machine because of the software 'bob' has
>installed there)

If I understand you right, then this means that you deny 'joe' access to
his NFS home on 'bar' and 'bob' access to his NFS home on 'foo'. When
root (i .e. 'joe' with euid=0) su - 'bob' he accordingly just gets the
system-wide default login enviroment and a CWD of '/' on 'foo'. Doesn't
this mean that he (now with 'bob's euid) still may rlogin to 'bar',
getting 'bob's NFS home as CWD, fully readable/writable (i. e. 'joe'
on 'foo' has "become" 'bob' on 'bar') ?

>Greetings,
>J.-Ph. Velders

Just my 0,00273 Euro...

/Åke Nordin, part-time Solaris admin at ECsoft (Sweden)



Relevant Pages

  • Re: Fedora 9: dbus problems with /home on nfs
    ... via GDM when I use a user with an NFS home, ... I have no problem just getting a ssh shell for an NFS ... I've never tried using an nfs mount as my home directory, but I do have an nfs ...
    (Fedora)
  • Re: Fedora 9: dbus problems with /home on nfs
    ... via GDM when I use a user with an NFS home, ... I have no problem just getting a ssh shell for an NFS ... realistic alternatives in our environment. ... I'm using kdm and not gdm ...
    (Fedora)
  • Re: Fedora 9: dbus problems with /home on nfs
    ... via GDM when I use a user with an NFS home, ... I have no problem just getting a ssh shell for an NFS ... realistic alternatives in our environment. ... I'm using kdm and not gdm ...
    (Fedora)
  • Re: Fedora 9: dbus problems with /home on nfs
    ... via GDM when I use a user with an NFS home, ... I have no problem just getting a ssh shell for an NFS ... I've never tried using an nfs mount as my home directory, but I do have an nfs ... realistic alternatives in our environment. ...
    (Fedora)
  • Re: Kernel kompilieren: disk full
    ... Deswegen kopiere ich das Zeug doch noch lange nicht vorher in ... das Homedirectory des jeweiligen Users (was ggf. ... Okay, bei NFS nicht, dann brauchst du eben eine lokale ...
    (de.comp.os.unix.linux.misc)