FC5, Firefox, NFS /home
Les Mikesell
lesmikesell at gmail.com
Tue Jun 20 14:42:56 UTC 2006
On Tue, 2006-06-20 at 15:30 +0200, Ralf Corsepius wrote:
> >
> > >> Using /home as a network share is inherently insecure,
> >
> > > What does that mean?
> Paranoia :)
>
> > Threats To Server Security
> > https://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-risk-serv.html
> >
> > ######
> > "Inherently Insecure Services
>
> > Another example of insecure services are network file systems and
> > information services such as NFS or NIS which are developed explicitly
> > for LAN usage but are, unfortunately, extended to include WANs (for
> > remote users).
> Note: LAN!
The link sort-of mentions the problem but isn't very explict about
it.
> IMO, NFS/NIS are perfectly suitable for use inside of a LAN. Of cause
> these services impose a certain level on insecurity, but at a certain
> point paranoia has to stop and trust has to start.
NFS allows anyone who can become root on any machine allowed to
access it (perhaps by booting a Knoppix CD...) to mount and access
anything. Even if you don't permit root access, anyone who is
root locally can pretend to be anyone else.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list