
Re: Is there any encrypted or secure NFS?



On Tue, 2004-01-06 at 02:24, Paul Smith wrote:
> %% Mark Roach <mrroach@okmaybe.com> writes:
> 
>   mr> Yup. Install a key-sniffer, wait for the victim to unwittingly
>   mr> type his password.
> 
> Why would I type my password on your box?  I would never do that, that's
> not how Kerberos works.

Yes, it is. It is not how something like RSA SecurIDs or CryptoCards
work, but Kerberos does not automatically mean one of those will be in
use.

> As I said, if you can root my box then you can gain my credentials and
> masquerade as me, although you can't do it without making some kind of
> potentially detectable change to my system.
> 
> But that is certainly an order of magnitude more secure than basic NFS,
> which says that if you can root _ANY_ box on the network, including
> yours, you can masquerade as me, and further there is no way to detect
> it.
> 
>   >> You can install trojans, for starters.  But at least you have to
>   >> have root access on _their_ box 
> 
>   mr> incorrect, see above.
> 
> Make sure you're familiar with Kerberos.  Kerberos, like SSH, never
> sends passwords to the remote host, so there's no way to get my
> credentials unless you can install a trojan on MY box.  Nothing you can
> do on YOUR box, even if you're root, can be used to hijack my identity.

It doesn't send the password over the network; it does require the
password to be typed. (I think you missed the original question. Having
root on _your_ box is the given that we are assuming.)

>   mr> This is all a moot point though, the fact is that there is no way
>   mr> to secure the data going in and out of a machine such that root
>   mr> can't ever get at it.
> 
> I guess we have to define what we mean by "security"; there are lots of
> forms of security.
> 
> However, I don't agree with your comment above.  It may be mostly true
> for the hosts at the origin and destination of the data, but it can
> obviously be secured for all intermediate systems.
[...]
> I do agree that you can't secure the data from root on the client,

This is what I meant, of course.

> Unfortunately, not handing out the root password is really not a viable
> situation, again IMO, with a desktop system in anything but the most
> basic environment (like kiosks and POS terminals, etc.)  There are a
> number of things that even basic desktop users need to do with their
> systems that require root access, such as changing display resolutions
> and installing new software, not to mention basic troubleshooting like
> reading the system log files, restarting basic services, etc.

Hmm, I don't even give my users the "administrator" password on their
Windows machines. I'm certainly not giving them root. ;-)
-- 
Mark Roach


