rang@cs.wisc.edu (Anton Rang) (12/17/90)
In article <4088@osc.COM> strick@osc.com (henry strickland) writes:
>In the normal NFS setup, making myself root on a workstation does not
>give me root privileges on the filesystem of a remote NFS server
>which I can mount the partitions of. [ ... ] Now if any of these
>non-root users owns (or groups has w bits on) some file in the PATH
>of root (or one of the directories or superdirectories in the PATH),
>the trojan horse can ride.

Does Sun still install their OS distributions with directories owned by bin? This one bit me once, before I realized how easy it was to spoof the YP "authentication" (netgroups stuff) which was being used to "restrict" (ha!) people from mounting our servers.... Sigh.

Anton

+---------------------------+------------------+-------------+
| Anton Rang (grad student) | rang@cs.wisc.edu | UW--Madison |
+---------------------------+------------------+-------------+

rickert@mp.cs.niu.edu (Neil Rickert) (12/17/90)
In article <RANG.90Dec16131137@nexus.cs.wisc.edu> rang@cs.wisc.edu (Anton Rang) writes:
>
> Does Sun still install their OS distributions with directories owned
>by bin? This one bit me once, before I realized how easy it was to
>spoof the YP "authentication" (netgroups stuff) which was being used
>to "restrict" (ha!) people from mounting our servers.... Sigh.

Not only that, but they still install their distributions with a '+' in /etc/hosts.equiv, leaving a security hole big enough to drive a truck through.

--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science <rickert@cs.niu.edu>
Northern Illinois Univ.
DeKalb, IL 60115 +1-815-753-6940
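
An audit for the two conditions raised in this thread, as an added example that is not part of the original posts: it reports every directory in a PATH, every parent directory above it, and every file inside it that is not owned by a trusted uid or is group- or world-writable, and it finds bare '+' host entries in hosts.equiv text. The function names and the default of trusting only uid 0 are assumptions made for this example.

```python
import os
import stat

def ancestors(path):
    """Yield the resolved path, then each parent up to the filesystem root."""
    cur = os.path.realpath(path)
    while True:
        yield cur
        parent = os.path.dirname(cur)
        if parent == cur:
            return
        cur = parent

def check(path, trusted_uids):
    """Return the reasons a non-trusted user could modify path."""
    try:
        st = os.stat(path)
    except OSError:
        return []  # missing entry or broken symlink: nothing to inspect
    reasons = ["owned by uid %d" % st.st_uid] if st.st_uid not in trusted_uids else []
    for bit, label in ((stat.S_IWGRP, "group-writable"), (stat.S_IWOTH, "world-writable")):
        if st.st_mode & bit:
            reasons.append(label)  # reported even on sticky directories; review those by hand
    return reasons

def audit_path(path_dirs, trusted_uids=(0,)):
    """Map each risky PATH directory, ancestor or contained file to its reasons."""
    findings = {}
    for entry in path_dirs:
        targets = list(ancestors(entry))  # an empty PATH entry resolves to the cwd
        if os.path.isdir(entry):
            real = os.path.realpath(entry)
            targets += [os.path.join(real, name) for name in os.listdir(real)]
        for target in targets:
            reasons = check(target, trusted_uids)
            if reasons:
                findings[target] = reasons
    return findings

def wildcard_lines(hosts_equiv_text):
    """Return 1-based numbers of lines whose host field is a bare '+' (trust every host)."""
    return [n for n, line in enumerate(hosts_equiv_text.splitlines(), 1)
            if line.split()[:1] == ["+"]]

if __name__ == "__main__":
    path_dirs = os.environ.get("PATH", "").split(os.pathsep)
    for path, why in sorted(audit_path(path_dirs).items()):
        print(path, ", ".join(why))
```

Run it with root's PATH in the environment; on an install like the one described above, directories owned by bin show up as "owned by uid N" findings.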