Date:      Sun, 28 Jan 1996 23:00:32 -0800 (PST)
From:      Nathan Lawson <nlawson@statler.csc.calpoly.edu>
To:        wam@fedex.com (William McVey)
Cc:        security@freebsd.org
Subject:   Re: Ownership of files/tcp_wrappers port
Message-ID:  <199601290700.XAA04062@statler.csc.calpoly.edu>
In-Reply-To: <199601261956.AA03214@gateway.fedex.com> from "William McVey" at Jan 26, 96 01:58:36 pm

> Paul Richards wrote:
> >guys, these are NFS problems. If you want to stop people su'ing to bin
> >then map bin to nobody as well.
> 
> I am at a loss as to why we'd want to build band-aids to gloss over
> a problem, rather than the problem itself.  It has been mentioned
> before that UNIX was designed to have a single well protected
> administrative id (root).  Why would we want multiple accounts that
> now need to have an equivalent amount of protection? You suggest
> that we should fix the NFS to treat 'bin' special as well as root.

One small problem here that no one has mentioned yet:  NFS works by uid,
not by account name.  Therefore, we'd have to remap uid 1 (bin on most systems),
uid 3 (bin on SunOS), or who knows how many other uids?

Once you find yourself doing that, you might as well write your own Unix.
Let's fix the cause, not patch the symptoms.

-Nate
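
Added example, not part of the original message: a small audit that shows what uid-based identity means for an NFS export by resolving each client account's uid against the server's passwd file. The host names and passwd entries are constructed; the two uids for bin are the ones the message cites.

```python
# Constructed sample passwd(5) data. Host names are hypothetical; the uids
# for "bin" (1 and 3) are the ones cited in the message above.
SERVER_PASSWD = """\
root:*:0:0::/root:/bin/sh
bin:*:1:1::/:/nonexistent
alice:*:1001:1001::/home/alice:/bin/sh
"""
CLIENT_PASSWD = """\
root:*:0:0::/:/bin/sh
daemon:*:1:1::/:
bin:*:3:3::/bin:
alice:*:1001:1001::/home/alice:/bin/sh
"""

def parse_passwd(text):
    """Return {name: uid}, skipping blank, comment and malformed lines."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue
        accounts.setdefault(fields[0], int(fields[2]))  # first entry wins
    return accounts

def uid_mismatches(server_text, client_text):
    """List (client_name, uid, server_name) where the server resolves the
    client's uid to a different account, or to none (server_name is None)."""
    server = parse_passwd(server_text)
    client = parse_passwd(client_text)
    server_by_uid = {}
    for name, uid in server.items():
        server_by_uid.setdefault(uid, name)
    report = []
    for name, uid in sorted(client.items(), key=lambda kv: kv[1]):
        seen_as = server_by_uid.get(uid)  # only the uid is compared
        if seen_as != name:
            report.append((name, uid, seen_as))
    return report

if __name__ == "__main__":
    for name, uid, seen_as in uid_mismatches(SERVER_PASSWD, CLIENT_PASSWD):
        print(f"client {name} (uid {uid}) -> server sees {seen_as or 'no account'}")
```

With this sample data the client's daemon account resolves to the server's bin, while the client's own bin matches no server account, so a remapping rule keyed on the name "bin" would cover neither case.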


