*** From dhcp-server -- To unsubscribe, see the end of this message. ***
In a message dated: Thu, 01 Jul 1999 14:23:11 PDT
Dave Gotwisner said:
>Slightly different issue...
>
>Depending upon what you are using DHCP for, you might be opening up a
>security hole on the other side. If you use TFTP/NFS for your booting, and
>someone has access to the file being booted, they may be able to replace the
>bootstrap to give themselves (and everyone else in the environment)
>unsecured access to the server. This is possible if everything isn't locked
>down, since you ARE allowing them to give a different boot file. Note that
>if the user's device's root user maps to the server's root user, this
>problem is even larger, since they can then put an SU down that allows them
>to do whatever they want.
Good point. But since their booting cable modems to test the code, that's not
too much of an issue. Though if they were DHCP booting Linux systems, I might
be a little worried about it, but since you need to go through me to have a
system that's allowed to NFS mount anything, I'm not too worried about that.
Thanks,
--
Seeya,
Paul
----
Please reply to [EMAIL PROTECTED] The corp sendmail people insist on
rewriting outgoing mail (including Reply-to: headers!) to send to
'@nortelnetworks.com' which we keep telling them is quite broken, but they
don't listen :)
Broadband Technology Division - Bay Networks (now a Nortel Company, Eh? :)
If you're not having fun, you're not doing it right!
------------------------------------------------------------------------------
To unsubscribe from this list, visit: http://www.isc.org/dhcp-lists.html
-*-
If you are without web access, or if you are having trouble with the web page,
please send mail to [EMAIL PROTECTED] with the subject line of
'unsubscribe'.
------------------------------------------------------------------------------
