Brendan O'Dea <[EMAIL PROTECTED]> wrote:

> Your argument is that exporting a writable / or /usr via NFS exposes
> you to possible exploits? Then DON'T DO THAT.

and Manoj Srivastava <[EMAIL PROTECTED]> wrote:

> ... majority do not NFS export /usr/local ...

Sorry, but that is not the issue. The attacked machine would not be an exporter, but a mounter of user files.

Suppose I have a bunch of machines, that "share" user files: all NFS-mount /users (containing user home directories /users/*). Getting root on any one of this bunch of machines would allow me to create a setgid-staff file; or maybe I could mess around with the .bashrc of a user in group staff.

Arguments about exports with squash_gids are moot: many NFS exporters do not have that option; and non-Debian exporters would not know or care about group staff.

Other points raised:

> That "src" group is *obviously* a security risk, it makes any user in
> that group root-equiv since they can dick with /usr/src/linux...

No risk: /usr/src is not used on a regular basis. Root should verify his sources before building and installing a new kernel.

> The various role groups are useful [to] provide limited access to
> certain files/subtrees.

Yes, e.g. group mail is useful (only because we do not trust sendmail?). Group disk is not useful: there is no-one in that group, nor are there setgid-disk binaries. I wonder about group tty.

> ... a finer distinction of privileges ... we should encourage.

Yes, definitely; but we need to do so securely.

Cheers,

Paul Szabo
[EMAIL PROTECTED]
http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics
University of Sydney
Australia
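An added example, not part of the original message: a check an administrator could run on a machine that mounts shared user files, listing NFS mounts where set-id bits are honoured and the setgid files owned by a given group beneath them. The `nosuid` mount option, the sample mount table and the host name `fileserver` are assumptions that do not appear in the thread.

```python
import os
import stat

# Constructed sample in /proc/mounts format; host and paths are illustrative.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
fileserver:/users /users nfs rw,relatime,vers=3 0 0
fileserver:/scratch /scratch nfs4 rw,nosuid,nodev 0 0
nfsd /proc/fs/nfsd nfsd rw,relatime 0 0
"""


def nfs_mounts_honouring_setid(mounts_text):
    """Return NFS mount points mounted without nosuid (set-id bits honoured)."""
    risky = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        _dev, mountpoint, fstype, options = fields[:4]
        if fstype in ("nfs", "nfs4") and "nosuid" not in options.split(","):
            risky.append(mountpoint)
    return risky


def setgid_files(root, gid):
    """Return regular files under root that are setgid and owned by group gid."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow user-made symlinks
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if (stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISGID
                    and st.st_gid == gid):
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    import grp
    staff = grp.getgrnam("staff").gr_gid  # group staff, as named in the message
    with open("/proc/mounts") as fh:
        for mp in nfs_mounts_honouring_setid(fh.read()):
            print(mp, setgid_files(mp, staff))
```

Mounting with `nosuid` only addresses the setgid-file case; it does nothing about a modified `.bashrc`, which is an ordinary file write.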