Re: [aclug-L] telnet
Agreed, yet with NFS they only have access to what you give them access
to. Only export dirs that you can risk losing.
On Fri, 25 Sep 1998, Bob Deep wrote:
> John Goerzen wrote:
> >
> > Jeremy Johnstone <jsjohnst@xxxxxxxxxxx> writes:
> >
> > > I doubt security is his major concern. Just accessibility. Yet it is
> > > always good to be paranoid I guess.... <g> Never know who is gonna sniff
> > > out your latest CS programming assignment off the wire.
> >
> > Or who is gonna sniff your *password* off the wire. Far worse.
> >
> > John
>
> Who needs a password when you have NFS running? Just consider NFS an
> open invitation to mess with anything being served this way. All you
> need is root access on a box that has NFS mounted data, and you have
> complete access, just like you were root on the server, to that data.
> This is a problem when you don't have administrative control over the
> NFS client... So...
>
> NFS allows many security holes when dealing with untrusted and/or
> unknown hosts. If I wanted your password, and your home dir was NFS
> mounted, it is almost trivial to get it with some quick shell
> programming and some login sleight of hand. (The old, fake a password
> validation failure sequence for telnet logins...)
>
> Should the administrator be brave enough to give access to the password
> file via NFS (a common thing) you could get a copy, then run crack
> against it to get any passwords that are not very strong... Again this is
> trivial and can usually get you quite a few passwords.
>
> All the data is effectively mine. I could, for instance, finish my 6
> month project and keeping good backups, proceed to erase all the rest of
> the students' home directories so mine is one of the few that makes
> it in on time, and I'll get a better grade because the teacher uses a
> curve.
>
> Or... Because my project is not yet complete, I stage major computer
> problems by "breaking" everybody's logins by corrupting some system
> .cshrc or .profile thereby forcing the teacher to extend the deadline
> due to the *major* system problems during the last week of the
> project....(Or hope to force this..)
>
> One could easily put traps and such in an effort to gain root access,
> and all because of the NFS mounted disks...
>
> I'm sure an experienced user could come up with a lot more nasty things,
> these are just a few I came up with while writing this...
>
> NFS is very unsecure in an environment where you don't have
> administrative control over the client hosts.. Sure it can be very
> useful but I would be very careful to limit its use to hosts that I
> completely trusted and/or maintained control over.
>
> -= bob =-
> ---
> This is the Air Capitol Linux Users Group discussion list. If you
> want to unsubscribe, send the word "unsubscribe" to
> aclug-L-request@xxxxxxxxxxxx. If you want to post to the list, send your
> message to aclug-L@xxxxxxxxxxxx.
>
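An added example, not part of the original messages: a small auditor for an `/etc/exports` file that flags the conditions this thread worries about (exports to unknown hosts, client root kept as root, and directories you cannot risk losing). The sample file, its host names and the `SENSITIVE` list are constructed assumptions; only basic exports(5) syntax is handled (no quoted paths, no `-option` defaults).

```python
import re

# Constructed sample in exports(5) syntax; paths and hosts are made up.
SAMPLE_EXPORTS = """\
# /etc/exports (constructed sample)
/srv/pub        *(ro,root_squash)
/home           *.lab.example(rw,no_root_squash)
/etc            10.0.0.0/24(ro)
/srv/build      build1.lab.example(rw,root_squash) (ro)
"""

SENSITIVE = ("/", "/etc", "/home", "/root", "/var")  # assumption: tune per site
CLIENT_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")  # host, then optional (opts)

def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        path = parts[0].rstrip("/") or "/"
        clients = parts[1:] or ["*"]  # no client list means every host
        for tok in clients:
            m = CLIENT_RE.fullmatch(tok)
            if m is None or tok.startswith("-"):
                continue  # malformed tokens and default-option tokens are skipped
            host = m.group(1) or "*"  # bare "(opts)" applies to every host
            opts = set(filter(None, (m.group(2) or "").split(",")))
            wild = "*" in host or "?" in host
            if path in SENSITIVE:
                findings.append((path, host, "sensitive-path"))
            if wild:
                findings.append((path, host, "wildcard-host"))
            if "no_root_squash" in opts:
                findings.append((path, host, "no_root_squash"))
            if wild and "rw" in opts:
                findings.append((path, host, "rw-to-wildcard"))
    return findings

if __name__ == "__main__":
    for path, host, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path:12} {host:22} {finding}")
```

A clean report does not make an untrusted client safe: `root_squash` only remaps uid 0, and root on the client can still act as any other uid when the server trusts client-supplied IDs.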