home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.sys.next.misc
- Path: sparky!uunet!hela.iti.org!usc!rpi!usenet
- From: gad@eclipse.its.rpi.edu (Garance A. Drosehn)
- Subject: Re: Stolen NeXT Station Color
- Message-ID: <#sr17dk@rpi.edu>
- Nntp-Posting-Host: eclipse.its.rpi.edu
- References: <BxMo5B.C7q@ux1.cso.uiuc.edu>
- Date: Fri, 13 Nov 1992 07:08:40 GMT
- Lines: 28
-
- lemson@ux1.cso.uiuc.edu (David Lemson) writes:
- > jiro@shaman.com (Jiro Nakamura) writes:
- >
- > >Presumably the school account files will be on a file server, not on the
- > >local disk. And presumably the system administrator has half a brain and
- > >did not set NFS to give root privileges globally to any machine that
- > >asks for them.
- >
- > >So even if Mr. or Ms. hacker does boot up a machine in root, they cannot
- > >wreak much of any havok since they will not be root to the NFS server.
- >
- > Well, anyone who knows NFS and its crappy security knows that once
- > someone is root on the clients, they can simply su to any user and
- > act like that other user, having full access to that other user's
- > files. Of course, they cannot delete en masse like they could if
- > the filesystems were exported root.
-
- If the administrator has more than half a brain (and a few extra bucks to
- spend), they would be going for AFS instead of NFS. Considerably better
- security. You don't have to really care if anyone breaks root (other than
- they can hose up the files on that one machine), unless of course you're
- stupid enough to leave some AFS passwords lying around on the local hard
- disk...
-
- --
- Garance Alistair Drosehn = gad@eclipse.its.rpi.edu
- ITS Systems Programmer (handles NeXT-type mail)
- Rensselaer Polytechnic Institute; Troy NY USA
-
