From owner-freebsd-hackers Wed Feb 5 13:15:44 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id NAA12421 for hackers-outgoing; Wed, 5 Feb 1997 13:15:44 -0800 (PST) Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.8.5/8.8.5) with SMTP id NAA12413 for ; Wed, 5 Feb 1997 13:15:35 -0800 (PST) Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id OAA15553; Wed, 5 Feb 1997 14:12:46 -0700 From: Terry Lambert Message-Id: <199702052112.OAA15553@phaeton.artisoft.com> Subject: Re: NIS/uids To: W.Belgers@nl.cis.philips.com (Walter Belgers) Date: Wed, 5 Feb 1997 14:12:46 -0700 (MST) Cc: freebsd-hackers@freebsd.org In-Reply-To: from "Walter Belgers" at Feb 5, 97 11:00:12 am X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-hackers@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > > > The problem now is that the security on my system has become dependant > > > > on that of the NIS server. If I am root on the NIS server I can change > > > > the uid of "user" into any user including root and make use of it on my > > > > system. > > > > It makes sense to me that "sensitive" user and group ID's perhaps > > should not be honored when they come in via NFS... ie: user root > > or bin, etc., or group bin or kmem. > > This has turned out to become a discussion about whether or not you > should trust your NIS server, but that's not what I wanted to know. > Let's assume I do not trust the uid's coming from the NIS server but I > still do want to use NIS (for passwd/homedir/gecos/whatever). Then you have the same problem, this time with associating a particular password with a particular name. All you have done is trade the association with uid for an association with name. There is nothing the prevents me, as an NIS server, from returning the password "frobozz" (encrypted, of course) for every user, regardless of their real password. Now you have the same security hole: you locally enforce the name/id mapping, but I can log in as any name on your machine (and therefore, and user id) using the password "frobozz". > Why does FreeBSD give me troubles when I override the uid in the local > password file? It wasn't a case which was considered to ever be anything someone would want to do, I believe. Mostly because if I compromise the NIS server, then I can force you to accept any password for any user/password pair, and thereby become any user/id pair, so it doesn't give you the protection you are trying to get it to give you. PS: Do not start a line with a naked "From". I think that's what screwed up the other guy's mail filter for his Pine. Regards, Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.