OpenSSH Trojan

Matthias Benkmann matthias at winterdrache.de
Fri Aug 2 02:36:44 PDT 2002


On 02 Aug 2002 09:27:36 +0800 Steve Bougerolle
<steveb at creek-and-cowley.com> wrote:

> 
> On Fri, 2002-08-02 at 09:18, Steve Bougerolle wrote:
> > I'm sure I'm not the only LFSer who's still using NFS (and of course
> > all of us would like to dump it except the alternatives are too much
> > hassle).
> 
> Reading further I saw your NFS security note at the bottom of the hint. 
> All_squash isn't a realistic option for many (most?) NFS systems because
> it doesn't allow for shared home directories.  That is, all users look
> the same so there's no mechanism to give them individual control over
> files.

First of all, no one said that you need to use all_squash for users' home
directories. You should use all_squash for exported system directories. 
Secondly if you use NFS-mounted home directories you are exposing all of
your user accounts to an attacker. That's as bad as exposing the root
account. All of the important data (proprietary software, confidential
documents, mail,...) is owned by user accounts and user accounts have all
the rights someone who wants to 0wn your box needs. User accounts can be
used to start DoS attacks for instance. If I have all your user accounts
at my disposal I can live without the root account. And of course most
admins have a normal user account, too. It would be easy to hack your PATH
to replace su to sniff your root password. Besides, AFAIK it is very
common to have some files setuid daemon or setuid bin. Those are
vulnerable, too, without all_squash. So your argument is flawed. The real
problem is simply that NFS is insecure by design and should not be used in
an environment where physical access to the network is unprotected.

MSB

-- 
Where...the ENIAC is equipped with 18000 vacuum tubes and weighs 30 tons,
computers in the future may have 1000 vacuum tubes and perhaps weigh just
1-1/2 tons.

Popular Mechanics, March 1949, p.258

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list