On Sunday 23 December 2007 14:59:12 James Knott wrote: > Anders Johansson wrote: > > On Sunday 23 December 2007 14:09:44 primm wrote: > >> I'm now reading that Linux nfs which I installed by yast all by myself > >> is also a security risk. > > > > It is a security risk in that it's not encrypted. > > > > Another problem is that the nfs server in versions 3 and below fully > > trusts the client about user IDs. It won't put viruses on your machines, > > but it does mean that if you don't control the root account on all > > machines, anyone can read any file, or write to any share. > > I thought the purpose of root squash was to prevent that.
No, the purpose of root squash is to prevent anyone from pretending to be UID 0 But if your home share is UID 1000, and I have root on my machine, I create a user with UID 1000, mount, su to that user and I can access your home as if I were you As I said, nfs v <= 3 trusts the client. Actually, v4 does too, if you don't use kerberos Anders -- Madness takes its toll -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
