Re: [autofs] [RFC] Towards a Modern Autofs

From: H. Peter Anvin
Date: Thu Jan 08 2004 - 17:26:10 EST


J. Bruce Fields wrote:
>
> On Thu, Jan 08, 2004 at 01:13:24PM -0800, H. Peter Anvin wrote:
>
>>Also, your global machine credential is to some degree "all the security
>>you get." Any security which isn't enforced by the filesystem driver
>>doesn't exist in a Unix environment; in particular there is no security
>>against root.
>
> I only have to trust root on the nfs client machines that I actually
> use. (In fact, I only really have to trust those machines with a
> short-lived ticket, preventing even those machines from impersonating me
> beyond a limited time.)
>

And when that ticket expires, you better have NFS itself know how to
renew its credentials, or you're up the creek. Nothing that autofs can
help you with.

>
>>Stupid tricks like remapping uid 0 are just that; stupid
>>tricks without any real security value. You know this, of course.
>>However, if you think the automounter doesn't have the privilege to
>>access the remote server but the user does, then that's false security.
>
> If the server requires kerberos credentials that only a user has, then
> the automounter can't do anything until the user coughs up those
> credentials.
>

True, but giving them to a privileged daemon is no different that giving
them to the kernel in that way.

-hpa

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/