Date: Mon, 14 May 2001 15:46:25 -0400
From: "Antoine Beaupre (LMC)" <Antoine.Beaupre@ericsson.ca>
To: freebsd-security@FreeBSD.ORG
Subject: Re: nfs mounts / su / yp
Message-ID: <3B003611.E96E8AE1@lmc.ericsson.se>
References: <20010514200927.A32697@student.uu.se> <Pine.WNT.4.10.10105141416260.-559341@rosencrantz.east.isi.edu> <20010514204259.A33451@student.uu.se> <3B00295D.24643CD7@centtech.com> <3B002E2B.1337F4C9@lmc.ericsson.se> <20010514122650.T18676@fw.wintelcom.net>

Alfred Perlstein wrote:
>
> * Antoine Beaupre (LMC) <Antoine.Beaupre@ericsson.ca> [010514 12:20] wrote:
> > [cc's trimmed]
> >
> > You can't. Once the user has root, he can reinstall a complete system,
> > bypassing any *local* policy you might have. You can't keep root from
> > doing *anything* by definition. I think there have been a few threads
> > regarding this on this list. This might be seen as a UNIX design flaw
> > but I certainly disagree. Anyways, that is not the issue here.
>
> FreeBSD has securelevels, while not ideal, if implemented properly
> they can limit what root can do.

Definitely. One might also mention the infamous Jail. :)

But then again, I think our folks here mentioned something like:

On Mon, 14 May 2001, Eric Anderson wrote:

> I have users that WILL get root on their desktop machines, one way or
> the other.

At that point, securelevel or not, jail or not, if the user has physical
access to the machine, he is the Root God. Make the console insecure,
he'll boot with a floppy. Make the floppy unbootable with a BIOS
password, he'll jump the board. Remove the floppy and any removable
altogether, and he'll slam his own floppy drive in. Put a lock on the
case, he'll break it.

There's no escape. A client machine is by definition untrustable, if you
don't trust the operator.

I think a sysadmin giving a workstation, with full access to a "shared"
network (i.e. with NFS and YP packets flying around), to a user, must
trust the user. Or at least restrict access to the network, or change
its infrastructure.

I know I might get flamed for this, but you guys should take a look at
samba. :) The SMB shares are password protected, usually, which means
that they do not (necessarily) rely on client-side authentication, and
allow password encryption.

I might be wrong though. :)

A.

--
Semantics is the gravity of abstraction.