On Thu, Nov 23, 2000 at 02:39:54PM +0100, Philippe Barnetche wrote: > Hi, > > you can change the PAM attributes of "su", avoiding local root to get user > account access. Of course, if your /etc is local, you'll still have the > problem. that would be very weak, if root could write to anywhere and compilers are available a very simple program to setuid(1000) would replace su quite easily. i have read about secure RPC which seems to somewhat solve NFS issues, but i think its not supported on linux. unfortunatly at this point it really boils down to: NFS is insecure, deal with it. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpMSXDlD12Ly.pgp
Description: PGP signature