Date: Thu, 2 Apr 1998 08:35:01 -0800 (PST) From: patl@phoenix.volant.org To: freebsd-security@FreeBSD.ORG Subject: Re: Is there a safe way for filesystem export? Message-ID: <ML-3.3.891534901.311.patl@asimov> In-Reply-To: <Pine.BSF.3.96.980402095142.21311B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Thu, 2 Apr 1998, Anton Voronin wrote: > > > > i'd suggest -maproot=nobody > > > also, make whatever dir's readonly if possible and nosuid where > > > applicable. > > > > Unfortunately, mapping root to nobody is impossible while xdm writes into > > .Xauthority in users home directories and dirs like authdir or > > xkb.compiled. I'm affraid this topic is out of this mailing list, but > > would appreciate any advise on how to avoid the need of mapping root to > > root. > > Anton, > > I have never experienced the problem you describe -- I ran for a long time > last summer on a FreeBSD 2.2.1 (or was it .2?) with XFree86 and xdm > running, and my home directory mounted from a Solaris file server where > NFS-root was mapped to nobody. In the version of xdm I am currently > running (patched for Krb4), the call to SetUserAuthorization is definitely > after the setting of credentials on the child process. I suspect the significant point here is that whatever partition has the xdm binary must not re-map root, and must allow suid. I would export /usr and other exported system partitions read-only, with no userid remapping and allowing suid. The partition(s) holding user home directories would be exported read/write with root->nobody and nosuid. -Pat To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ML-3.3.891534901.311.patl>