Re: caps in elf headers: use the sticky bit!

Theodore Y. Ts'o (tytso@mit.edu)
Thu, 15 Apr 1999 23:27:04 -0400 (EDT)


Date: Thu, 15 Apr 1999 16:07:35 -0700 (PDT)
From: David Lang <dlang@diginsite.com>

As for the NFS issue, there are situations where NFS can be used in a
(at least semi)secure environment. If the NFS traffic is on a dedicated
LAN (often done for performance anyway) then the only way that NFS can be
a problem is if one of your machines in hacked into anyway. The ability to
use capabilities on NFS mounted files would significantly help in server
farm situations.

So if I can manage to hack into one of your machines, (say, the one
which is running the sendmail that didn't get updated to fix the
sendmail security bug of the week) I get to break into all of the
rest?!?

This is real security? I think not.

A real world example. you setup a web server farm with the common
files/binarys NFS mounted.

Disk space is cheap these days. $300 USD will buy you 20 gigabytes of
space; a complete Linux system worth of binaries is maybe 1, 2 gigs tops
for a fully loaded system. If you're not willing to pay $15-30 extra
per server so that each system can have its own copy of its system
software, you're not serious about your system security.

Besides, running your server farm with standalone disk increases your
performance and your robustness, since you remove a single point of
failure. (If your NFS server crashs, your entire server farm goes out.)

This is why requiring NFS support is a real red herring as far as
capabilities are concerned.

- Ted

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/