Re: SECURITY PROBLEM: autofs [all versions]

To: Alvin Oga <aoga@Mail.Linux-Consulting.com>
Cc: Debian Devel List <debian-devel@lists.debian.org>, debian-security@lists.debian.org
Subject: Re: SECURITY PROBLEM: autofs [all versions]
From: "Christopher W. Curtis" <ccurtis@aet-usa.com>
Date: Mon, 03 Jul 2000 14:17:22 -0400
Message-id: <[🔎] 3960D8B2.83AB87B@aet-usa.com>
References: <Pine.LNX.3.96.1000630215055.25078A-100000@Maggie.Linux-Consulting.com>

Alvin Oga wrote:

> anytime someone has physical access to the machine...
> you already have a security problem.... ( my definition )

Fine definition.  Not all computers are locked up, however, and if there
is a huge room with only remote access allowed, there are often trust
relationships setup that can be exploited.

> i am not sure that you can get physical access as root
> from the options shown in /etc/auto.misc.... but if oyu
> are correct....wow...wonder how many people tried it...
> and only now surfaces ???

I've done it.  Try it.  I tried to confirm w/others on IRC, but nobody
had autofs installed.

> I always disable those "system defined options" anyway...
> and use my own  automated   servers:/directories
> 
> there was lots of discussion the past couple weeks of what
> needs to be in /etc/auto.master and /etc/auto.misc
> and automaps from NIS and which to read first and functions
> supported or not...
>         - newest supported feature is ldap in autofs

I've not gotten around to setting up LDAP, but I don't want my NIS to
distribute security holes to all the client machines.

Chris

Reply to:

Prev by Date: Re: SECURITY PROBLEM: autofs [all versions]
Next by Date: Re: SECURITY PROBLEM: autofs [all versions]
Previous by thread: Re: SECURITY PROBLEM: autofs [all versions]
Next by thread: HavenCo
Index(es):
- Date
- Thread