On Sunday 23 December 2007 15:17:46 Anders Johansson wrote: > On Sunday 23 December 2007 14:59:12 James Knott wrote: > > Anders Johansson wrote: > > > On Sunday 23 December 2007 14:09:44 primm wrote: > > >> I'm now reading that Linux nfs which I installed by yast all by myself > > >> is also a security risk. > > > > > > It is a security risk in that it's not encrypted. > > > > > > Another problem is that the nfs server in versions 3 and below fully > > > trusts the client about user IDs. It won't put viruses on your > > > machines, but it does mean that if you don't control the root account > > > on all machines, anyone can read any file, or write to any share. > > > > I thought the purpose of root squash was to prevent that. > > No, the purpose of root squash is to prevent anyone from pretending to be > UID 0 > > But if your home share is UID 1000, and I have root on my machine, I create > a user with UID 1000, mount, su to that user and I can access your home as > if I were you > > As I said, nfs v <= 3 trusts the client. Actually, v4 does too, if you > don't use kerberos >
OK guys. Anoraks off and xmas ties on. This is the works xmas outing. Hands up: Which of the posters to this thread actually runs a network? That works. cu tomorrow afternoon! L x -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
