Re: NFS Security Question
From: Darren Moffat (Darren.Moffat@eng.sun.com) Date: 08/15/01
- Previous message: Åke Nordin: "Re: NFS Security Question"
- Maybe in reply to: McGee Olson: "NFS Security Question"
- Next in thread: Ryan Russell: "Re: NFS Security Question"
- Reply: Ryan Russell: "Re: NFS Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200108150005.f7F05fB296346@jurassic.eng.sun.com>
Date: Tue, 14 Aug 2001 17:05:05 -0700 (PDT)
From: Darren Moffat <Darren.Moffat@eng.sun.com>
Subject: Re: NFS Security Question
To: focus-sun@securityfocus.com, moose@ecsoft.se
>If user 'joe' works on 'foo', his homedirectory is shared to a
>netgroup (which contains hosts for which the root password is only
>known to us, i.e. hosts we 'control'), and for the machine 'foo'.

joe can get euid=0 via su since he doesn't know the password.

>If I understand you right, then this means that you deny 'joe' access to
>his NFS home on 'bar' and 'bob' access to his NFS home on 'foo'. When
>root (i.e. 'joe' with euid=0) su - 'bob' he accordingly just gets the
>system-wide default login environment and a CWD of '/' on 'foo'. Doesn't
>this mean that he (now with 'bob's euid) still may rlogin to 'bar',
>getting 'bob's NFS home as CWD, fully readable/writable (i.e. 'joe'
>on 'foo' has "become" 'bob' on 'bar')?

Only if joe knows bob's password, in which case the whole thing is pointless
anyway.

OR bob has a .rhosts file that says trust bob from foo by some rule.

Removing support for .rhosts is easy for Solaris 2.6 onwards: remove or
comment out the pam_auth_rhosts entry in pam.conf.

While this works in this case, it all falls apart if users have root
access to any machine that can mount the NFS share.

The only solution in this case is to use NFS with RPC security stronger
than AUTH_SYS, as described in my previous replies - this is exactly the
case they were invented and implemented for.

-- Darren J Moffat
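The two checks Darren describes (no rhosts-based PAM authentication left in pam.conf, and home directories not exported with plain AUTH_SYS) can be audited from a shell. The script below is an added example, not code from the post or from Sun; it assumes the Solaris module file is named pam_rhosts_auth.so.1 (the post calls it pam_auth_rhosts, so both spellings are matched), and the pam.conf and dfstab contents are constructed samples, as is the netgroup name nfshosts.

```shell
#!/bin/sh
# Constructed sample of a pam.conf where rlogin/rsh still trust .rhosts.
# Assumption: the module is pam_rhosts_auth.so.1 (Solaris name); the
# post spells it pam_auth_rhosts, so the checks below accept either.
SAMPLE_PAM_CONF=$(cat <<'EOF'
# rlogin service
rlogin  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rlogin  auth required   /usr/lib/security/pam_unix.so.1
rsh     auth required   /usr/lib/security/pam_rhosts_auth.so.1
# already disabled:
#login  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
other   auth required   /usr/lib/security/pam_unix.so.1
EOF
)

# Constructed sample of /etc/dfs/dfstab. "nfshosts" is a made-up netgroup.
# The first two shares use AUTH_SYS (the default, or sec=sys explicitly);
# only the last one requires Kerberos, which is the stronger RPC flavour
# the post recommends.
SAMPLE_DFSTAB=$(cat <<'EOF'
share -F nfs -o rw=nfshosts /export/home/joe
share -F nfs -o sec=sys,rw=nfshosts /export/home/ann
share -F nfs -o sec=krb5p,rw=nfshosts /export/home/bob
EOF
)

# Count active (uncommented) pam.conf lines that load an rhosts auth
# module. Prints the count; "|| true" keeps grep's exit 1 on zero matches
# from being treated as a failure.
count_rhosts_entries() {
    printf '%s\n' "$1" \
        | grep -v '^[[:space:]]*#' \
        | grep -cE 'pam_(rhosts_auth|auth_rhosts)' || true
}

# Emit the config with every active rhosts entry commented out, which is
# the change the post describes for Solaris 2.6 and later.
disable_rhosts_entries() {
    printf '%s\n' "$1" | sed -E \
        -e '/^[[:space:]]*#/!{' \
        -e '/pam_(rhosts_auth|auth_rhosts)/s/^/#/' \
        -e '}'
}

# Count NFS share lines that do not require a Kerberos (krb5*) or DH
# (sec=dh) security flavour, i.e. shares that still rely on AUTH_SYS and
# therefore on the client's claimed uid.
count_weak_shares() {
    printf '%s\n' "$1" \
        | grep -v '^[[:space:]]*#' \
        | grep 'share .*-F nfs' \
        | grep -vcE 'sec=(dh|krb5)' || true
}

# Report on the constructed samples; point the functions at the real
# files with "$(cat /etc/pam.conf)" and "$(cat /etc/dfs/dfstab)".
printf 'active rhosts PAM entries: %s\n' "$(count_rhosts_entries "$SAMPLE_PAM_CONF")"
printf 'after disabling:           %s\n' \
    "$(count_rhosts_entries "$(disable_rhosts_entries "$SAMPLE_PAM_CONF")")"
printf 'NFS shares using AUTH_SYS: %s\n' "$(count_weak_shares "$SAMPLE_DFSTAB")"
```

Commenting out the PAM entry closes the .rhosts path from the post, but the share check is the one that matters once any client host is root-controlled by a user: a share without sec=krb5/sec=dh trusts whatever uid that root sends.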