
Re: [aclug-L] telnet

To: aclug-L@xxxxxxxxxxxx
Subject: Re: [aclug-L] telnet
From: Bob Deep <bobd@xxxxxxxxxxxx>
Date: Fri, 25 Sep 1998 07:55:09 -0500
Reply-to: aclug-L@xxxxxxxxxxxx

John Goerzen wrote:
> 
> Jeremy Johnstone <jsjohnst@xxxxxxxxxxx> writes:
> 
> > I doubt security is his major concern. Just accessibility. Yet it is
> > always good to be paranoid I guess.... <g> Never know who is gonna sniff
> > out your latest CS programming assignment off the wire.
> 
> Or who is gonna sniff your *password* off the wire.  Far worse.
> 
> John

Who needs a password when you have NFS running?  Just consider NFS an
open invitation to mess with anything being served this way.  All you
need is root access on a box that has NFS mounted data, and you have
complete access, just like you were root on the server, to that data.
This is a problem when you don't have administrative control over the
NFS client... So...

NFS allows many security holes when dealing with untrusted and/or
unknown hosts.  If I wanted your password, and your home dir was NFS
mounted, it is almost trivial to get it with some quick shell
programming and some login sleight of hand. (The old, fake a password
validation failure sequence for telnet logins...)

Should the administrator be brave enough to give access to the password
file via NFS (a common thing) you could get a copy, then run crack
against it to get any passwords that are not very strong... Again this is
trivial and can usually get you quite a few passwords.

All the data is effectively mine.  I could, for instance, finish my 6
month project and, keeping good backups, proceed to erase all the rest of
the students' home directories so mine is one of the few that makes
it in on time, and I'll get a better grade because the teacher uses a
curve.

Or... Because my project is not yet complete, I stage major computer
problems by "breaking" everybody's logins by corrupting some system
.cshrc or .profile, thereby forcing the teacher to extend the deadline
due to the *major* system problems during the last week of the
project....(Or hope to force this..)

One could easily put traps and such in an effort to gain root access,
and all because of the NFS mounted disks...

I'm sure an experienced user could come up with a lot more nasty things,
these are just a few I came up with while writing this...

NFS is very unsecure in an environment where you don't have
administrative control over the client hosts.  Sure it can be very
useful but I would be very careful to limit its use to hosts that I
completely trusted and/or maintained control over.

-= bob =-
---
This is the Air Capitol Linux Users Group discussion list.  If you
want to unsubscribe, send the word "unsubscribe" to
aclug-L-request@xxxxxxxxxxxx.  If you want to post to the list, send your
message to aclug-L@xxxxxxxxxxxx.
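
Added example, not part of the message above or of the list archive: a small audit of a Linux /etc/exports file for the trust problem the message describes, namely exports that reach hosts the administrator does not control and a server that believes whatever user identity the client asserts. The sample file, the host names and the audit_exports function are constructed for illustration; "-" default-option entries and quoted paths are assumed absent.

```python
import re

# Constructed sample in Linux exports(5) syntax; hosts and paths are made up.
SAMPLE_EXPORTS = """\
# lab file server
/home        *.lab.example.edu(rw,no_root_squash)
/export/etc  (ro)
/srv/build   buildhost.example.edu(rw,sec=krb5p) 10.0.0.0/24(ro)
"""

# One client entry: optional host pattern, optional "(opt,opt,...)" list.
CLIENT_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")

def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    # Join backslash-continued lines, then strip comments and blank lines.
    for line in text.replace("\\\n", " ").splitlines():
        parts = line.split("#", 1)[0].split()
        if not parts:
            continue
        path, tokens = parts[0], parts[1:] or [""]  # no client listed = any host
        for token in tokens:
            m = CLIENT_RE.fullmatch(token)
            if not m:
                findings.append((path, token, "unparsed entry, review by hand"))
                continue
            host = m.group(1)
            opts = set(filter(None, (m.group(2) or "").split(",")))
            client = host or "<any host>"
            wide = host == "" or "*" in host or "?" in host
            if wide:
                findings.append((path, client, "unrestricted or wildcard client"))
            if wide and "rw" in opts:
                findings.append((path, client, "writable by unrestricted clients"))
            if "no_root_squash" in opts:
                findings.append((path, client, "client root is treated as server root"))
            # Default flavor is sys: the server believes the UID the client sends.
            sec = next((o[4:] for o in opts if o.startswith("sec=")), "sys")
            if "sys" in sec.split(":"):
                findings.append((path, client, "sec=sys trusts client-asserted UIDs"))
    return findings

if __name__ == "__main__":
    for path, client, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {client:22} {finding}")
```

Only the Kerberos-protected buildhost entry comes back clean; every other entry in the sample relies on the client host being honest about who its users are.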


