Date: Wed, 20 Sep 1995 20:38:15 +0200 (MET DST)
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
To: kallio@jyu.fi (Seppo Kallio)
Cc: questions@FreeBSD.ORG
Subject: Re: * The security of DISKLESS? *
Message-ID: <199509201838.UAA04849@labinfo.iet.unipi.it>
In-Reply-To: <v01530527ac85c710eaaf@[130.234.41.39]> from "Seppo Kallio" at Sep 20, 95 04:54:23 pm

> What kind of security holes does DISKLESS include?
>
> Some thoughts:
>
> 1. Can user boot the DISKLESS to single user and then use root privileges?

Yes, with a FreeBSD boot floppy :)

> 2. The root partition must be exported with -rootusr=root
>    - maybe it is possible to hide this dir so that user cannot
>      save suid progs and log in to the server and use them?
>    - maybe there is nosuid in exports preventing to save suid files to
>      root partition
> 3. Other holes?

If you are referring to the answer I gave about how to set up a diskless
system, the security hole is given by the need to export the root
filesystem with root read permission. This means that you can see the
encrypted passwords (master.passwd) and possibly start a brute-force
attack against your system looking for passwords.

	Luigi
====================================================================
Luigi Rizzo                     Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it       Universita' di Pisa
tel: +39-50-568533              via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522              http://www.iet.unipi.it/~luigi/
====================================================================
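
An added example, not part of the original message: a small audit of an exports file that flags entries mapping a client's root to root on the server and reports whether the exported tree holds `etc/master.passwd`, the exposure described in the reply above. It assumes the exports(5) `-maproot=` / `-mapall=` option syntax; the sample file, paths and host names are constructed.

```python
import os

ROOT_IDS = {"root", "0"}  # user names/uids that mean "client root stays root"

# Constructed sample; paths and host names are illustrative only.
SAMPLE_EXPORTS = """\
# diskless clients
/usr -ro -network 192.0.2.0 -mask 255.255.255.0
/diskless/root -maproot=root \\
    client1.example.org
/home -maproot=nobody client1.example.org
/export/swap -mapall=0:0 client1.example.org
"""

def _logical_lines(text):
    """Drop comments and blanks, join backslash-continued lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()

def root_mapped_exports(exports_text, sysroot="/"):
    """List exports where a client's root is mapped to root on the server."""
    findings = []
    for line in _logical_lines(exports_text):
        fields = line.split()
        dirs = [f for f in fields if f.startswith("/")]
        for opt in (f for f in fields if f.startswith("-")):
            name, _, cred = opt.partition("=")
            if name not in ("-maproot", "-mapall"):
                continue
            if cred.split(":", 1)[0] not in ROOT_IDS:
                continue
            for d in dirs:
                pw = os.path.join(sysroot, d.lstrip("/"), "etc", "master.passwd")
                findings.append({"dir": d, "option": opt,
                                 "master_passwd_exposed": os.path.exists(pw)})
    return findings

if __name__ == "__main__":
    for f in root_mapped_exports(SAMPLE_EXPORTS):
        print(f)
```

To audit a server, pass the contents of its own exports file to `root_mapped_exports()`; `sysroot` only needs changing when checking a mounted copy of the server's disk.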