Date: Tue, 4 Feb 1997 16:06:53 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: branson.matheson@ferginc.com Cc: W.Belgers@nl.cis.philips.com, freebsd-hackers@FreeBSD.org Subject: Re: NIS/uids Message-ID: <199702042306.QAA13339@phaeton.artisoft.com> In-Reply-To: <Pine.BSF.3.91.970204090156.19773L-100000@toth.hq.ferg.com> from "Branson Matheson" at Feb 4, 97 09:42:54 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > The problem now is that the security on my system has become dependant > > on that of the NIS server. If I am root on the NIS server I can change > > the uid of "user" into any user including root and make use of it on my > > system. Even if you can only become root using su you can easily first > > become a user in wheel and then root. > > That is a fact. because you are using that information from an NIS > server, you will _always_ have a security risk from that server. > Anyone that has root on that server can modify a yp'd entry on that > server, change the uid to 0 and become root on your system very > easily. So by definition, you _have_ to trust your yp servers. Yes. You have established a trust relationship within a "secure zone", and you have *defined* the NIS client and server to both be inside this zone. However... It makes sense to me that "sensitive" user and group ID's perhaps should not be honored when they come in via NFS... ie: user root or bin, etc., or group bin or kmem. The problem is that there is no tag you can specify to indicate to NFS which user or group ID's are "sensitive", and which are not. This would provide NIS honoring protection similar to NFS not honoring "root" from a "semi-trusted" host. Regards, Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199702042306.QAA13339>