Re: SECURITY PROBLEM: autofs [all versions]

To: npsimons@nmt.edu
Cc: Daniel Burrows <Daniel_Burrows@brown.edu>, Thor <thor@tech-center.com>, Debian Devel List <debian-devel@lists.debian.org>, debian-security@lists.debian.org
Subject: Re: SECURITY PROBLEM: autofs [all versions]
From: "Christopher W. Curtis" <ccurtis@aet-usa.com>
Date: Tue, 04 Jul 2000 00:11:19 -0400
Message-id: <[🔎] 396163E7.9CEAB990@aet-usa.com>
References: <395D40C7.576B8AC8@aet-usa.com> <[🔎] 002901bfe335$22654fe0$0101a8c0@zac> <[🔎] 20000701085510.A28180@bluegreen> <[🔎] 20000701114758.A255@nmt.edu> <[🔎] 3960DA77.30B76C76@aet-usa.com> <[🔎] 20000703192519.A7405@nmt.edu>

Nathan Paul Simons wrote:
> 
>         Yeah, but a lot of our users like to use these machines remotely
> because they can rely on them not to be in Windows (unlike our other
> dual boot clients).  We try to keep only stable releases running on
> our production net machines so that we don't have to hard boot them.

Hrm.  Even stable isn't stable on my Athlon.  :(

The same applied to my Alpha, but it didn't have a reset button anyway. 
(Turns out to have been a hardware problem.)

>         We figure that the usermount option (with appropriate nosuid,
> nodev, and noexec options) in /etc/fstab are good enough.  Confusing to
> some users at first, but they learn quickly enough.

It's also superior to the autofs option (as you'd see if you follwed my
thread on the autofs list -- warning, it involves silly statements by
RMS, terse retorts by hpa, and my usual long-windedness).  Luckily, the
/etc/fstab entry is sane.  Autofs makes things easy, but it shouldn't
distribute security problems.  Luckily, only the yp server needs to be
updated.

Christopher

Reply to:

Follow-Ups:
- Re: SECURITY PROBLEM: autofs [all versions]
  - From: Tim <tim@saboteur.cx>

References:
- Re: SECURITY PROBLEM: autofs [all versions]
  - From: "Thor" <thor@tech-center.com>
- Re: SECURITY PROBLEM: autofs [all versions]
  - From: Daniel Burrows <Daniel_Burrows@brown.edu>
- Re: SECURITY PROBLEM: autofs [all versions]
  - From: Nathan Paul Simons <npsimons@nmt.edu>
- Re: SECURITY PROBLEM: autofs [all versions]
  - From: "Christopher W. Curtis" <ccurtis@aet-usa.com>
- Re: SECURITY PROBLEM: autofs [all versions]
  - From: Nathan Paul Simons <npsimons@nmt.edu>

Prev by Date: Re: Sheesh .. talk about beating a dead horse (autofs)
Next by Date: Re: Sheesh .. talk about beating a dead horse (autofs)
Previous by thread: Re: SECURITY PROBLEM: autofs [all versions]
Next by thread: Re: SECURITY PROBLEM: autofs [all versions]
Index(es):
- Date
- Thread