From: "Antoine Beaupre (LMC)"
To: freebsd-security@FreeBSD.ORG
Date: Mon, 14 May 2001 15:46:25 -0400
Organization: LMC, Ericsson Research Canada
Subject: Re: nfs mounts / su / yp
Message-ID: <3B003611.E96E8AE1@lmc.ericsson.se>

Alfred Perlstein wrote:
>
> * Antoine Beaupre (LMC) [010514 12:20] wrote:
> > [cc's trimmed]
> >
> > You can't. Once the user has root, he can reinstall a complete system,
> > bypassing any *local* policy you might have. You can't keep root from
> > doing *anything* by definition. I think there have been a few threads
> > regarding this on this list. This might be seen as a UNIX design flaw
> > but I certainly disagree. Anyways, that is not the issue here.
>
> FreeBSD has securelevels, while not ideal, if implemented properly
> they can limit what root can do.

Definitely. One might also mention the infamous Jail. :)

But then again, I think our folks here mentioned something like:

On Mon, 14 May 2001, Eric Anderson wrote:
> I have users that WILL get root on their desktop machines, one way or
> the other.

At that point, securelevel or not, jail or not, if the user has physical
access to the machine, he is the Root God. Make the console insecure,
he'll boot with a floppy. Make the floppy unbootable with a BIOS
password, he'll jump the board. Remove the floppy and any removable
altogether, and he'll slam his own floppy drive in. Put a lock on the
case, he'll break it.

There's no escape. A client machine is by definition untrustable, if you
don't trust the operator.

I think a sysadmin giving a workstation, with full access to a "shared"
network (i.e. with NFS and YP packets flying around), to a user, must
trust the user. Or at least restrict access to the network, or change
its infrastructure.

I know I might get flamed for this, but you guys should take a look at
samba. :) The SMB shares are password protected, usually, which means
that they do not (necessarily) rely on client-side authentication, and
allow password encryption.

I might be wrong though. :)

A.

--
Semantics is the gravity of abstraction.