Date: Tue, 25 Jun 1996 12:26:17 -0400 (EDT) From: Jeff Aitken <jaitken@cslab.vt.edu> To: Andrew.Gordon@net-tel.co.uk Cc: security@freebsd.org Subject: Re: Re(2): I need help on this one - please help me track this guy down! Message-ID: <199606251626.MAA06583@husky.cslab.vt.edu> In-Reply-To: <"811-960625150230-D047*/G=Andrew/S=Gordon/O=NET-TEL Computer from "Andrew.Gordon@net-tel.co.uk" at Jun 25, 96 03:02:08 pm
next in thread | raw e-mail | index | archive | help
> But what file transfer mechanism was used? NFS maybe? > > Personally, I like to mount all NFS filesystems "nosuid" - and likewise > for all local systems exported by NFS (I don't normally export / or > /usr). Most users have no business creating setuid programs in their > filespace, and such a policy would most likely have prevented this > breach even if the setuid binary was created by some other means. One thing you can do to help with this sort of problem is to map UID 0 to some other UID. In our lab, we've got an AlphaStation which exports several filesystems via NFS. On a few administrative-type machines, we map UID 0 to UID 0 (so that root on any of the administrative machines can alter files as needed) but on the client machines (i.e., those machines used primarily by lab patrons) UID 0 is mapped to 'nobody' or somesuch. Furthermore, only system administrators have accounts on the servers; thus, even if someone breaks root on a client machine in the lab, they can't install any sort of backdoor on the server. If/when such a compromise is detected, we simply reinstall the OS on the client machine. I've got my FreeBSD installs down to an hour or so by now :-) Under Digital Unix, the syntax in /etc/exports goes something like this: /exported/filesystem -root=admin.machine.1 -root=admin.machine.2 client.machine.1 client.machine.2 and so on. I haven't set up this sort of thing under FreeBSD, but I believe the -maproot option provides equivalent functionality. See exports(5) for more information. None of this addresses the potential problem of address/hostname spoofing (i.e., if someone can convince the NFS server that they are one of the administrative machines, you're in trouble), but it's better than nothing. -- Jeff Aitken jaitken@cs.vt.edu
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199606251626.MAA06583>