Date:      Mon, 14 May 2001 15:12:43 -0400
From:      "Antoine Beaupre (LMC)" <Antoine.Beaupre@ericsson.ca>
To:        freebsd-security@FreeBSD.ORG
Subject:   Re: nfs mounts / su / yp
Message-ID:  <3B002E2B.1337F4C9@lmc.ericsson.se>
References:  <20010514200927.A32697@student.uu.se> <Pine.WNT.4.10.10105141416260.-559341@rosencrantz.east.isi.edu> <20010514204259.A33451@student.uu.se> <3B00295D.24643CD7@centtech.com>

[cc's trimmed]

Eric Anderson wrote:
> 
> Well, I think the problem is  that a local root should mean only local
> root access, and su should not allow you to su to non-local users (ie,
> NIS users).  

That policy (local-only su), if implemented on a machine, can be
circumvented when the user gets root access.

Heck, the user can even install another system that *doesn't have* that
policy. 

> The problem is simply how do you stop root from su'ing to
> another user?

You can't. Once the user has root, he can reinstall a complete system,
bypassing any *local* policy you might have. You can't keep root from
doing *anything* by definition. I think there have been a few threads
regarding this on this list. This might be seen as a UNIX design flaw
but I certainly disagree. Anyway, that is not the issue here.

I think the problem is more:

"How do you stop a workstation user from reading other users home
directories, even as root?"

First, if the home directories are physically stored on the workstation,
the local user can hack root (or break into the box/hard drive itself)
and read these. End of story.

Second, if the home directories are stored on a NFS server, you'll soon
realize that your all-powerful local workstation user can easily
masquerade as any user id, as soon as he has control over his own box.
This is not a design problem in FreeBSD, but in NFS.

I think the only solution has already been mentioned, but I'll include
it here for completeness.

Third: you store each user's home directory on his own workstation,
without sharing it through the network.

This is the only solution if you cannot restrict root access to these
workstations.

NFS/YP design is not really "absolutely" secure, nor has it ever been
this way. It relies on certain predicates, one of these being that the
userid info coming from an nfs/yp client is trustable. Which is not the
case if you allow root on these clients.

Anyway, someone with root access to a box on a network can even sniff
the network for these nice little NFS packets (or yp passwords, for that
matter) and bypass anything you might have put in their way.

Correct me if I'm wrong.

A.

--
Semantics is the gravity of abstraction.
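The point above, that an NFS/YP server has no way to check the user id a client claims, comes down to the AUTH_SYS (AUTH_UNIX) credential that classic NFS carries on every RPC. The following is an added example, not code from the message or from FreeBSD: it encodes and decodes that credential using the XDR layout from RFC 5531 (flavor, then stamp, machinename, uid, gid, gids), and models the one thing a FreeBSD-style export can do with it, mapping a claimed uid 0 to an unprivileged uid (-maproot, default uid -2 = 65534). The host name "ws1", uid 1001 and the forged-credential scenario are constructed for the example.

```python
"""
Added example (not from the original mail or from FreeBSD): what an NFS
client actually tells the server about who it is under AUTH_SYS.

Wire format (XDR, big-endian, RFC 5531 section 9.2):
    opaque_auth   { unsigned flavor = 1 (AUTH_SYS); opaque body<400>; }
    authsys_parms { unsigned stamp; string machinename<255>;
                    unsigned uid; unsigned gid; unsigned gids<16>; }
None of these fields is authenticated; the server can only apply policy
(such as root squashing) to whatever uid the client chose to send.
"""
import struct

AUTH_SYS = 1
MAPROOT_DEFAULT = 65534  # assumption: FreeBSD's default -maproot target, uid -2 ("nobody")


def _xdr_uint(n: int) -> bytes:
    return struct.pack(">I", n)


def _xdr_opaque(data: bytes) -> bytes:
    """XDR variable-length opaque/string: 4-byte length, bytes, pad to 4."""
    return _xdr_uint(len(data)) + data + b"\x00" * ((-len(data)) % 4)


def encode_auth_sys(uid: int, gid: int, gids=(), machinename: bytes = b"ws1",
                    stamp: int = 0) -> bytes:
    """Build the credential an NFS client attaches to an RPC call."""
    if len(gids) > 16:
        raise ValueError("AUTH_SYS allows at most 16 supplementary gids")
    if len(machinename) > 255:
        raise ValueError("machinename is limited to 255 bytes")
    body = (_xdr_uint(stamp) + _xdr_opaque(machinename) + _xdr_uint(uid)
            + _xdr_uint(gid) + _xdr_uint(len(gids))
            + b"".join(_xdr_uint(g) for g in gids))
    return _xdr_uint(AUTH_SYS) + _xdr_opaque(body)


def decode_auth_sys(blob: bytes) -> dict:
    """Parse the credential the way a server would. Note there is no
    signature, secret or verifier field to check: the claimed uid is all
    the server gets."""
    flavor, body_len = struct.unpack(">II", blob[:8])
    if flavor != AUTH_SYS:
        raise ValueError("not an AUTH_SYS credential")
    body = blob[8:8 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated credential body")
    off = 0

    def uint() -> int:
        nonlocal off
        (v,) = struct.unpack_from(">I", body, off)
        off += 4
        return v

    stamp = uint()
    name_len = uint()
    machinename = body[off:off + name_len]
    off += name_len + ((-name_len) % 4)
    uid, gid = uint(), uint()
    gids = [uint() for _ in range(uint())]
    return {"stamp": stamp, "machinename": machinename,
            "uid": uid, "gid": gid, "gids": gids}


def server_effective_uid(blob: bytes, maproot: int = MAPROOT_DEFAULT) -> int:
    """The only check plain NFS offers: a claimed uid 0 is remapped (root
    squashing). Any other claimed uid is honoured as-is, so a client root
    who simply claims another user's uid is treated as that user."""
    return maproot if decode_auth_sys(blob)["uid"] == 0 else decode_auth_sys(blob)["uid"]


if __name__ == "__main__":
    # Constructed scenario: root on workstation ws1 forges a credential for
    # uid 1001, some other person's NIS uid, before reading that user's home.
    forged = encode_auth_sys(uid=1001, gid=1001, gids=(1001,), machinename=b"ws1")
    print(decode_auth_sys(forged))
    print("server acts as uid", server_effective_uid(forged))
    print("claimed uid 0 becomes", server_effective_uid(encode_auth_sys(0, 0)))
```

Root squashing only helps against a client that honestly claims uid 0; a client root who claims 1001 is simply user 1001 to the server. A server can additionally insist that requests come from a privileged source port, but that again assumes root on the client is trustworthy, which is exactly the premise the message says does not hold. Authenticated RPC flavors (RPCSEC_GSS with Kerberos) were added to NFS later precisely because AUTH_SYS carries nothing the server can verify.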
