Mailinglist Archive: opensuse (3156 mails)
Re: [opensuse] Re: NFS sync vs. async mounts
- From: Anders Johansson <ajh@xxxxxxxxxx>
- Date: Sun, 23 Dec 2007 15:17:46 +0100
- Message-id: <200712231517.46886.ajh@xxxxxxxxxx>
On Sunday 23 December 2007 14:59:12 James Knott wrote:
> Anders Johansson wrote:
> > On Sunday 23 December 2007 14:09:44 primm wrote:
> > > I'm now reading that Linux nfs which I installed by yast all by myself
> > > is also a security risk.
> >
> > It is a security risk in that it's not encrypted.
> >
> > Another problem is that the nfs server in versions 3 and below fully
> > trusts the client about user IDs. It won't put viruses on your machines,
> > but it does mean that if you don't control the root account on all
> > machines, anyone can read any file, or write to any share.
>
> I thought the purpose of root squash was to prevent that.

No, the purpose of root squash is to prevent anyone from pretending to be UID 0.

But if your home share is UID 1000, and I have root on my machine, I create a
user with UID 1000, mount, su to that user and I can access your home as if I
were you.

As I said, nfs v <= 3 trusts the client. Actually, v4 does too, if you don't
use Kerberos.

Anders
--
Madness takes its toll
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
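
An added example, not part of the original thread: a small Python check over /etc/exports-style text that lists the exports where the server accepts client-supplied UIDs (sec=sys is allowed), whatever the root_squash setting. The sample lines, paths and host names are constructed; the parser handles only the basic `path client(options)` form of exports(5), and the all_squash case goes beyond what the message covers.

```python
import re

KRB_FLAVORS = {"krb5", "krb5i", "krb5p"}  # sec= flavors that authenticate the user

# Constructed sample in exports(5) syntax; paths and client names are made up.
SAMPLE_EXPORTS = """\
# constructed sample
/home        192.168.1.0/24(rw,root_squash)
/srv/proj    *.example.org(rw,sec=krb5p)
/srv/pub     *(ro,all_squash)
/srv/mixed   host1.example.org(rw,sec=krb5:sys,no_root_squash)
"""

def parse_exports(text):
    """Yield (path, client, option-set) for every client on every export line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients:
            m = re.fullmatch(r"([^()]*)(?:\((.*)\))?", spec)
            if m is None:
                raise ValueError(f"malformed client spec: {spec!r}")
            opts = set(filter(None, (m.group(2) or "").split(",")))
            yield path, m.group(1) or "*", opts

def audit(text):
    """Return (path, client, root-squash setting) where client UIDs are trusted."""
    findings = []
    for path, client, opts in parse_exports(text):
        # exports(5): sec= is a colon-separated list and defaults to sys
        sec = next((o[4:] for o in opts if o.startswith("sec=")), "sys")
        if set(sec.split(":")) <= KRB_FLAVORS:
            continue  # every permitted flavor identifies the user via Kerberos
        if "all_squash" in opts:
            continue  # all client UIDs are mapped to the anonymous user
        root = "no_root_squash" if "no_root_squash" in opts else "root_squash"
        findings.append((path, client, root))
    return findings

if __name__ == "__main__":
    for path, client, root in audit(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: UIDs taken from the client ({root} only covers UID 0)")
```
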