Date: Fri, 03 Apr 1998 07:39:16 +1000 (EST)
From: Peter Jeremy <Peter.Jeremy@alcatel.com.au>
To: freebsd-security@FreeBSD.ORG
Cc: anton@urc.ac.ru
Subject: Re: Is there a safe way for filesystem export?
Message-ID: <199804022139.HAA22187@gsms01.alcatel.com.au>

On Thu, 02 Apr 1998 18:01:40 +0600, Anton Voronin <anton@urc.ac.ru> wrote:
>Unfortunately, mapping root to nobody is impossible while xdm writes into
>.Xauthority in users home directories

Updating .Xauthority doesn't have to be done as root.  It should be
done as the user being logged in (the current implementation doesn't -
which may be a security hole).  Since FreeBSD includes a `saved
set-user-ID', changing xdm to flip uids whilst writing .Xauthority
should be fairly simple.

> and dirs like authdir or xkb.compiled.

`authdir' could (and probably should, since xdm doesn't clean up after
itself) be on a MFS partition - ie a protected subdirectory in /tmp.

As far as I know, xdm doesn't affect xdm.compiled - the X server might
though.  I haven't played with the XKB extension and can't offer any
suggestions here.

Note that the Sun's NFS implementations include the ability to use
`Secure RPC' - ie DES encryption.  I don't know if the relevant hooks
are in FreeBSD.

Peter
--
Peter Jeremy (VK2PJ)            peter.jeremy@alcatel.com.au
Alcatel Australia Limited
41 Mandible St                  Phone: +61 2 9690 5019
ALEXANDRIA  NSW  2015           Fax:   +61 2 9690 5247
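
The uid flip suggested in the message above, sketched as an added example (it is not xdm code and not part of the original post): a privileged process switches its effective ids to the user, writes the file, then switches back through the saved set-user-ID. The helper name `write_as_user` and the demo path are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, not xdm code: write buf to path using the effective
 * uid/gid of the user being logged in.  seteuid() leaves the saved
 * set-user-ID alone, so root can be regained.  Supplementary groups unchanged. */
int write_as_user(uid_t uid, gid_t gid, const char *path,
                  const void *buf, size_t len)
{
    uid_t old_uid = geteuid();
    gid_t old_gid = getegid();
    const char *p = buf;
    int rc = -1;

    /* Group first: once euid is no longer root, setegid() would be refused. */
    if (setegid(gid) != 0) return -1;
    if (seteuid(uid) == 0) {
        /* Opened with the user's credentials; O_NOFOLLOW refuses a symlink. */
        int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
        if (fd >= 0) {
            rc = 0;
            while (len > 0) {
                ssize_t n = write(fd, p, len);
                if (n < 0) { if (errno == EINTR) continue; rc = -1; break; }
                p += n; len -= (size_t)n;
            }
            if (close(fd) != 0) rc = -1;
        }
        if (seteuid(old_uid) != 0) rc = -2;   /* could not flip back */
    }
    if (setegid(old_gid) != 0) rc = -2;
    return rc;                     /* 0 ok, -1 write failed, -2 ids not restored */
}

int main(void)
{
    /* Constructed demo: act as the invoking user on a scratch file. */
    const char cookie[] = "constructed-cookie\n";
    int rc = write_as_user(getuid(), getgid(), "/tmp/Xauthority.demo",
                           cookie, sizeof cookie - 1);
    printf("rc=%d euid=%ld\n", rc, (long)geteuid());
    return rc == 0 ? 0 : 1;
}
```

A caller should treat a return of -2 as fatal, since the process is then no longer running with the ids it started with.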