Date: Fri, 30 Jan 2004 07:40:16 -0800 (PST)
From: Matthew West <mwest@uct.ac.za>
To: freebsd-bugs@FreeBSD.org
Subject: Re: misc/61774: nis security issue
Message-ID: <200401301540.i0UFeGXt076167@freefall.freebsd.org>

The following reply was made to PR misc/61774; it has been noted by GNATS.

From: Matthew West <mwest@uct.ac.za>
To: freebsd-gnats-submit@FreeBSD.org
Cc:
Subject: Re: misc/61774: nis security issue
Date: Fri, 30 Jan 2004 17:34:05 +0200

Using export(5)'s maproot option doesn't prevent a user on an NFS client from becoming root, and then using "su" to become another user and access that user's files. A solution to this problem is to use Kerberos tickets instead of Unix user credentials. Unfortunately, FreeBSD does not currently have a Kerberised NFS implementation.

You could try using something other than NFS to allow clients access to their files; likely candidates are Coda, AFS and SFS. SFS (http://www.fs.net/ - ports/security/sfs) is probably the easiest to get going with, as you don't need to have a pre-existing Kerberos infrastructure to use it.
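
Added example (not part of the original message and not FreeBSD's code): a simplified Python model of what an NFS server sees in a Unix (AUTH_SYS) credential and how a maproot-style mapping treats it. The credential layout follows authsys_parms from RFC 5531; the host name, uid values and the 65534 mapping target are constructed for illustration.

```python
import struct

MAPROOT_UID = 65534  # assumed mapping target for client root (constructed)

def pack_authsys(stamp, machine, uid, gid, gids):
    """Build a sample AUTH_SYS credential body (authsys_parms) in XDR."""
    name = machine.encode("ascii")
    body = struct.pack(">II", stamp, len(name)) + name + b"\0" * (-len(name) % 4)
    body += struct.pack(">III", uid, gid, len(gids))
    return body + struct.pack(">%dI" % len(gids), *gids)

def parse_authsys(body):
    """Decode authsys_parms; every field is whatever the client sent."""
    stamp, nlen = struct.unpack_from(">II", body, 0)
    if nlen > 255:
        raise ValueError("machinename longer than 255 bytes")
    off = 8
    machine = body[off:off + nlen].decode("ascii", "replace")
    off += nlen + (-nlen % 4)              # XDR pads strings to 4 bytes
    uid, gid, ngids = struct.unpack_from(">III", body, off)
    off += 12
    if ngids > 16 or off + 4 * ngids != len(body):
        raise ValueError("bad supplementary group list")
    gids = list(struct.unpack_from(">%dI" % ngids, body, off))
    return {"stamp": stamp, "machine": machine, "uid": uid, "gid": gid, "gids": gids}

def effective_uid(body, maproot_uid=MAPROOT_UID):
    """Simplified maproot model: only uid 0 is remapped, others pass as asserted."""
    cred = parse_authsys(body)
    return maproot_uid if cred["uid"] == 0 else cred["uid"]

# Constructed sample credentials, both from the same client host.
AS_ROOT = pack_authsys(1, "client1", 0, 0, [0])
AS_USER = pack_authsys(2, "client1", 1001, 1001, [1001])

if __name__ == "__main__":
    for label, body in (("root", AS_ROOT), ("uid 1001", AS_USER)):
        print(label, "->", effective_uid(body))
```

Nothing in the credential tells the server how the client process came to hold uid 1001, which is why the message points to Kerberos tickets rather than Unix user credentials.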
