[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Problems with root on network clients

On Thu, Nov 23, 2000 at 02:39:54PM +0100, Philippe Barnetche wrote:
> Hi,
> you can change the PAM attributes of "su", avoiding local root to get user 
> account access. Of course, if your /etc is local, you'll still have the 
> problem.

that would be very weak, if root could write to anywhere and compilers
are available a very simple program to setuid(1000) would replace su
quite easily.

i have read about secure RPC which seems to somewhat solve NFS issues,
but i think its not supported on linux.

unfortunatly at this point it really boils down to: 

NFS is insecure, deal with it.

Ethan Benson

Attachment: pgpMSXDlD12Ly.pgp
Description: PGP signature

Reply to: