From owner-freebsd-bugs Mon Mar 24 11:39:43 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id LAA00380 for bugs-outgoing; Mon, 24 Mar 1997 11:39:43 -0800 (PST)
Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA00372 for ; Mon, 24 Mar 1997 11:39:38 -0800 (PST)
Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id MAA20475; Mon, 24 Mar 1997 12:35:52 -0700 (MST)
Date: Mon, 24 Mar 1997 12:35:52 -0700 (MST)
Message-Id: <199703241935.MAA20475@rocky.mt.sri.com>
From: Nate Williams
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: darrylo@sr.hp.com
Cc: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch), freebsd-bugs@freebsd.org
Subject: Re: sendmail can't create PID file because of owner permission of /var/run
In-Reply-To: <199703241845.AA243889113@hpnmhjw.sr.hp.com>
References: <19970324080950.WP16275@uriah.heep.sax.de> <199703241845.AA243889113@hpnmhjw.sr.hp.com>
X-Mailer: VM 6.21 under 19.14 XEmacs Lucid
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> Scenario:
>
> * Intruder breaks into system "A", and manages to become root.
..
> * However, system A mounts (via NFS) some of system B's directories.
>   System B disallows root access via NFS (i.e., root uid == -2).

Note: If you're using NFS, you're not concerned about security. NFS is
simply insecure no matter how you want to slice it, and if you're relying
on noroot for security you're going to get broken into.

NFS == No Freaking Security!

Nate