Re: NFS Security Question
From: Casper *** (Casper.***@Sun.COM)Date: 08/15/01
- Previous message: Armin Safarians: "Re: NFS Security Question"
- In reply to: Ryan Russell: "Re: NFS Security Question"
- Next in thread: Darren Moffat: "Re: NFS Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200108151721.TAA03377@romulus.Holland.Sun.COM> To: Ryan Russell <ryan@securityfocus.com> Subject: Re: NFS Security Question Date: Wed, 15 Aug 2001 19:21:56 +0200 From: Casper *** <Casper.***@Sun.COM>
>Anyway... All I have to do is invite Bob to log into my box, and his drive
>mounts automatically, and I CD to it, because I'm root, yes?
No filesystem is going to prevent the latter. Nor will Kerberos
help if you are root (in the traditional maning of having full-control
over the system) when Bob logs into your system.
When someone gives your kernel some access tokens, root will have accss.
Secure RPC, Kerberos, and others only work well if you either have
restricted root accss (say, shared compute servers that access an NFS
resource) or restrict poeople's logins to their desktops.
Casper
- Previous message: Armin Safarians: "Re: NFS Security Question"
- In reply to: Ryan Russell: "Re: NFS Security Question"
- Next in thread: Darren Moffat: "Re: NFS Security Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
