FC5, Firefox, NFS /home
Les Mikesell
lesmikesell at gmail.com
Tue Jun 20 17:20:18 UTC 2006
On Tue, 2006-06-20 at 16:51 +0200, Ralf Corsepius wrote:
> > > IMO, NFS/NIS are perfectly suitable for use inside of a LAN. Of cause
> > > these services impose a certain level on insecurity, but at a certain
> > > point paranoia has to stop and trust has to start.
> >
> > NFS allows anyone who can become root on any machine allowed to
> > access it (perhaps by booting a Knoppix CD...) to mount and access
> > anything. Even if you don't permit root access, anyone who is
> > root locally can pretend to be anyone else.
> And where is the problem? Anyone with physical access to a box, can
> become root anywhere.
That *is* the problem. Your server may be in a secure room, but
anything shared via NFS is open to anyone with physical access
to any box on the network - or within wireless range if you have
a wireless LAN.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list