On Mon, 04 Jul 2005 08:55:13 +0300 Nir Tzachar <[EMAIL PROTECTED]> babbled:

> > i think he was referring to using root-squash. it's an entirely pointless
> > option and does not make the nfs exporting any more secure (disallowing root
> > access to files like it would be allowed locally is pointless as if u are
> > root - u can setuid/seteuid or su to the user id u need then do your dirty
> > work - it just becomes more painful - that's all).
> we _know_ nfs is not secure. we have no other _secure_ option. we use
> nfs, and make life harder on a would-be intruder: the main concern in

harder? hahahahaha "i need to access file owned by uid X - add user of uid X
if doesn't exist, or just su - username" and then do the work. it's no barrier at
all. it simply makes system administration and stuff more painful :(

> our organization is an inside attack. since no one can close all holes,
> the motto is "make intrusion as hard as possible".  one such way, is
> using root squash.

any cracker who has gotten that far can get the few extra steps - it's no real
solution. it just makes life painful. it's worse than "security by obscurity". :)

> >  that was his point - it's an option that may
> > mistakenly make people think their file exports are "more secure" :)
> we don't think it is more secure. we think it will give an intruder a hard time
> (writing 2 extra command lines _is_ a hard time....).

ahahahhahaha! well ok - you have a weird idea of security :)

> > you can use it - in a few minutes with no code changes. remove root squash.
> > it's a pointless option (as above) :) 
> not an option.

well patches accepted. :)

> > entrance uses method A for writing the
> > .Xauthority file ie write as root then chown. xdm uses method B - seteuid,
> > then write. BOTH are valid methods but method A happens to not work over nfs
> > with root-squash. since imho root-squash is a pointless option anyhow...
> > both methods are equally valid :)
> ok. end of discussion. 
> i thank you all for your answers and comments.
> if, for some unknown reason you decide to support method B, we'll be
> happy to use entranced. until then, we'll stick with kdm.
> 
> cheers,
> 
> 
> -- 
> =========================================================
> Nir Tzachar.


-- 
------------- Codito, ergo sum - "I code, therefore I am" --------------
The Rasterman (Carsten Haitzler)    [EMAIL PROTECTED]
裸好多                              [EMAIL PROTECTED]
Tokyo, Japan (東京 日本)
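
Method B from the quoted text (seteuid, then write), as an added example that is not from this message or from the entrance or xdm sources: a C helper that creates the file while holding the target user's effective uid and gid, which is why it still works on an NFS export with root squash, where a create or chown done as uid 0 is mapped to the anonymous user. The name `write_as_user` and the open flags are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Method B: take on the target user's effective ids, create and write the
 * file, then switch back. Nothing is ever created or chown()ed as uid 0,
 * so a root-squashing NFS server sees only the owner's uid.
 * Returns 0 on success, -1 on failure (errno set). */
int write_as_user(const char *path, uid_t uid, gid_t gid,
                  const void *buf, size_t len)
{
    uid_t old_uid = geteuid();
    gid_t old_gid = getegid();
    int fd = -1, rc = -1, saved;

    /* Group first: once euid is unprivileged, setegid() would be refused. */
    if (setegid(gid) != 0) return -1;
    if (seteuid(uid) != 0) { saved = errno; goto restore_gid; }

    /* O_EXCL|O_NOFOLLOW: never write through a pre-existing file or symlink;
     * mode 0600 keeps the cookie private to its owner. */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd >= 0) {
        const char *p = buf;
        size_t left = len;
        while (left > 0) {
            ssize_t n = write(fd, p, left);
            if (n < 0) { if (errno == EINTR) continue; break; }
            p += n; left -= (size_t)n;
        }
        if (left == 0) rc = 0;
    }
    saved = errno;
    /* On NFS a deferred write error can surface at close(); check it. */
    if (fd >= 0 && close(fd) != 0 && rc == 0) { rc = -1; saved = errno; }

    /* Restore in reverse order: uid first, so we may reset the gid.
     * A caller that gets -1 here should treat it as fatal. */
    if (seteuid(old_uid) != 0) rc = -1;
restore_gid:
    if (setegid(old_gid) != 0) rc = -1;
    errno = saved;
    return rc;
}
```

A display manager would call this as root with the logging-in user's uid and gid; supplementary groups are not changed here.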

