Date: Sun, 23 Jul 2000 19:14:10 -0600 (MDT)
From: Paul Hart
To: "Thomas R. Stromberg"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Status of FreeBSD security work? Audit, regression and crypto swap?

On Fri, 21 Jul 2000, Thomas R. Stromberg wrote:

> I've also messed around with storing my home directory in cfs, until I
> forgot its password :(

One other bad thing about using CFS for a home directory is the fact that cdetach cannot make distinctions about whether it is the owner of the CFS mount who is detaching it. As long as you know the name of the mount you can detach mounts belonging to other people. Since your home directory needs to be a fixed (and well-known) path name, you can become vulnerable to a lame variety of denial-of-service attack against your account.

Paul Hart

--
Paul Robert Hart        ><8> ><8> ><8>        Verio Web Hosting, Inc.
hart@iserver.com        ><8> ><8> ><8>        http://www.iserver.com/
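The ownership check the message above says is missing, shown as a simplified model. This is an added example, not code from CFS or from the original post: the attach table, the function names and the uids are hypothetical, and letting uid 0 detach any mount is an assumption.

```c
#include <string.h>
#include <sys/types.h>

#define MAX_MOUNTS 8
#define NAME_LEN   64

/* Hypothetical attach table for illustration; not CFS's real data structure. */
struct mount_entry {
    char  name[NAME_LEN]; /* name the directory is attached under */
    uid_t owner;          /* uid that performed the attach */
    int   in_use;
};
static struct mount_entry table[MAX_MOUNTS];

static struct mount_entry *find_mount(const char *name) {
    for (int i = 0; i < MAX_MOUNTS; i++)
        if (table[i].in_use && strcmp(table[i].name, name) == 0)
            return &table[i];
    return NULL;
}

/* Record an attach. Returns 0, or -1 if the name is too long or taken,
 * or the table is full. */
int attach_mount(const char *name, uid_t owner) {
    if (strlen(name) >= NAME_LEN || find_mount(name) != NULL)
        return -1;
    for (int i = 0; i < MAX_MOUNTS; i++) {
        if (!table[i].in_use) {
            strcpy(table[i].name, name); /* length checked above */
            table[i].owner = owner;
            table[i].in_use = 1;
            return 0;
        }
    }
    return -1;
}

/* Behaviour described in the message: knowing the name is sufficient. */
int detach_by_name(const char *name) {
    struct mount_entry *m = find_mount(name);
    if (m == NULL) return -1;
    m->in_use = 0;
    return 0;
}

/* With the owner check: only the attaching uid (or uid 0, an assumption)
 * may detach. Returns 0 on success, -1 if not attached, -2 if denied. */
int detach_checked(const char *name, uid_t caller) {
    struct mount_entry *m = find_mount(name);
    if (m == NULL) return -1;
    if (caller != 0 && caller != m->owner) return -2;
    m->in_use = 0;
    return 0;
}
```

In a real daemon the caller's uid has to come from a credential the server can trust, not from a value the client supplies.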