Re: tlug: NFS question



>>>>> "Karl-Max" == Karl-Max Wagner <karlmax@example.com> writes:

    Karl-Max> Frank Bennett writes:

    >> To protect against this, I figure that each subdirectory needs
    >> a file like ~/.checkname, owned by root but readable to
    >> everyone else.  The /etc/profile script that runs before
    >> ~/.bash_profile will check the content of this, and compare it
    >> with the result of "whoami".  If there's a discrepancy, the
    >> server knows that the user is spoofing his identity, and script
    >> issues an immediate "exit", killing the shell.

    >> Can anyone see obvious holes in this?

Well, the main one is I'm not sure which host you think is running the
checking programs.  The problem is that the NFS client needs to mount
the file system before the user can log in.  So I log in locally as
root, before trying to log in as a user, and I now can read everything
in /home.  If necessary I do it from a boot floppy to bypass any stuff
you've installed to make authentication checks (heck, while I'm at it,
I'll install a few Trojan horses too so that I still have the keys
even if I don't have the boot floppy with me).

    Karl-Max> Easy. Just rename your client to have an identity that
    Karl-Max> fits and you're in business.

I'm not sure what you're trying to say.

But I think Karl-Max is right: in order to get real security in a PC
world, you will need something like SSH/SSL (secure sockets layer, I
think it is) or Kerberos.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences        Tel/fax: +1 (298) 53-5091
__________________________________________________________________________
__________________________________________________________________________
What are those two straight lines for?  "XEmacs rules."
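
Added example (not part of the original message or thread): a small audit of a Linux `/etc/exports` file that flags exports where the server still trusts the identity asserted by the client, which is the weakness the message describes and the reason it points to Kerberos. It assumes `exports(5)` syntax, where `sec=sys` is the default; the sample file, hostnames and paths are constructed, and default-option (`-opts`) and quoted-path forms are not handled.

```python
import re

# Constructed sample /etc/exports content (paths and hostnames are made up).
SAMPLE_EXPORTS = """\
# home directories
/home        *.lab.example(rw,sync)
/home/staff  admin.lab.example(rw,sync,no_root_squash)
/srv/secure  *.lab.example(rw,sync,sec=krb5p)
/srv/mixed   *.lab.example(rw,sec=krb5p:sys) \\
             backup.lab.example
"""

# "host(opt,opt)" or a bare "host"; an empty host part means any client.
CLIENT_RE = re.compile(r"^([^()]*)(?:\(([^()]*)\))?$")


def audit_exports(text):
    """Return (path, client, problems) for every export that trusts the client."""
    findings = []
    text = text.replace("\\\n", " ")             # join continuation lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        path, *clients = line.split()
        for spec in clients or [""]:             # no client list: any host
            m = CLIENT_RE.match(spec)
            if m is None:
                continue                         # malformed entry, skip it
            client = m.group(1) or "<any host>"
            options = m.group(2).split(",") if m.group(2) else []
            flavors = ["sys"]                    # exports(5) default flavor
            for opt in options:
                if opt.startswith("sec="):
                    flavors = opt[4:].split(":")
            problems = []
            if "sys" in flavors:
                # AUTH_SYS: the server accepts whatever UID/GID the client sends.
                problems.append("auth_sys")
            if "no_root_squash" in options:
                # Root on the client is treated as root on the exported tree.
                problems.append("no_root_squash")
            if problems:
                findings.append((path, client, problems))
    return findings


if __name__ == "__main__":
    for path, client, problems in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {client:20} {', '.join(problems)}")
```

An export that lists only `krb5`, `krb5i` or `krb5p` flavors produces no finding, because the server then authenticates the user cryptographically instead of relying on the client host.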