Dean Anderson wrote:
There are options to NFS to not trust root, which prevents accidental
root problems, but provides no protection against malicious root
problems. NFSv4 and AFS are a little better--you have to steal Kerberos
credentials, but this isn't real hard if you have root on the
workstation and the target of hostile activity also logs in and exposes
their KRB ticket and password to theft.  NFSv4 and AFS are pretty good
against untrusted root users where the target of malice probably won't
log into the untrusted computer.  Beyond that, all network computing
suffers the same weakness. If you can't trust root, you are sunk: you
can't obtain secure computing from an unsecure, untrusted computer.

This also has implications for software.  If you can't trust the
distribution of critical software (e.g. the OS), then you are sunk. I've
been watching the activity of a project that is untrustworthy and
how that project is interacting with OS distros.  We used to worry
about hackers breaking into source code repositories. What happens when
hackers operate the source code repository?

I could be way off base here, but couldn't you use something like grsecurity or SELinux to prevent even root from doing anything bad to the network attached storage? That's basically what we do where I work and we use grsecurity.

thanks,
mikeS

--
Michael F. Sprague
[email protected]

_______________________________________________
bblisa mailing list
[email protected]
http://www.bblisa.org/mailman/listinfo/bblisa
