On 12 Jan 2003, Dax Kelson wrote:
> Standard NFS security/authentication sucks rocks. Without this NFS home
> directory servers are just waiting to be ransacked by a rouge (or
> compromised) root user on a client machine.
AIUI, A root user still can. The users krbv5 credentials will
generally have been cached to storage. (though i suppose one could
mount that storage via NFS and use root_squash, but that's little
protection.).
> NFSv4 w/RPSEC_GSS is finally a native UNIX filesharing solution that
> I don't have to be ashamed of when hanging with admins of those
> "other OSes".
Unless NFSv4 has dealt with the problem above, it isnt much protection
from rogue root users.
> Dax
regards,
-- Paul Jakma Sys Admin Alphyra paulj@alphyra.ie Warning: /never/ send email to spam@dishone.st or trap@dishone.st- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Wed Jan 15 2003 - 22:00:44 EST