Re: [PATCH] Secure user authentication for NFS using RPCSEC_GSS

Paul Jakma (paulj@alphyra.ie)
Mon, 13 Jan 2003 07:49:12 +0000 (GMT)


On 12 Jan 2003, Dax Kelson wrote:

> Standard NFS security/authentication sucks rocks. Without this NFS home
> directory servers are just waiting to be ransacked by a rouge (or
> compromised) root user on a client machine.

AIUI, A root user still can. The users krbv5 credentials will
generally have been cached to storage. (though i suppose one could
mount that storage via NFS and use root_squash, but that's little
protection.).

> NFSv4 w/RPSEC_GSS is finally a native UNIX filesharing solution that
> I don't have to be ashamed of when hanging with admins of those
> "other OSes".

Unless NFSv4 has dealt with the problem above, it isnt much protection
from rogue root users.

> Dax

regards,

-- 
Paul Jakma	Sys Admin	Alphyra
	paulj@alphyra.ie
Warning: /never/ send email to spam@dishone.st or trap@dishone.st

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/