Re: NFS Security Question
From: Ryan Russell (ryan@securityfocus.com)Date: 08/15/01
- Previous message: Darren Moffat: "Re: NFS Security Question"
- In reply to: Darren Moffat: "Re: NFS Security Question"
- Next in thread: Rich Teer: "Re: NFS Security Question"
- Reply: Rich Teer: "Re: NFS Security Question"
- Reply: Casper ***: "Re: NFS Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 14 Aug 2001 18:43:18 -0600 (MDT) From: Ryan Russell <ryan@securityfocus.com> To: Darren Moffat <Darren.Moffat@eng.sun.com> Subject: Re: NFS Security Question Message-ID: <Pine.GSO.4.30.0108141839110.19939-100000@mail>
On Tue, 14 Aug 2001, Darren Moffat wrote:
> The only solution in this case is to use NFS with RPC security stronger
> than AUTH_SYS as described in my previous replies - this is exactly the
> case they were invented and implemented for.
I'm failing to grok something here, or perhaps I'm being too much of a
stickler.
If I'm sitting in front of my desktop Sparc, I can always get root. If
nothing else, Mudge's trick of doing a stop-A, and changing the process
structure in memory do my UID is 0 will do it quickly. I don't think
there is anything you can do to keep me from getting root on the box in
front of me eventually, short of firing for policy violation, etc..
besides, I think the original poster said the guy is allowed to have root,
no?
Anyway... All I have to do is invite Bob to log into my box, and his drive
mounts automatically, and I CD to it, because I'm root, yes?
Ryan
- Previous message: Darren Moffat: "Re: NFS Security Question"
- In reply to: Darren Moffat: "Re: NFS Security Question"
- Next in thread: Rich Teer: "Re: NFS Security Question"
- Reply: Rich Teer: "Re: NFS Security Question"
- Reply: Casper ***: "Re: NFS Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
