-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The Sunday 2007-12-23 at 19:31 +0100, primm wrote:
Another problem is that the nfs server in versions 3 and below fully trusts
the client about user IDs. It won't put viruses on your machines, but it
does mean that if you don't control the root account on all machines,
anyone can read any file, or write to any share.
What? So, I login as me. There is no way nfs will let me write to the folders
of other users. Unless the other user has given me permission to do so. What
do you mean by 'control the root account on all machines'? No one else other
than me can login as root on any box on my network. Could you please tell me
if need to change my filesystem? What version of nfs do I have if I have
opensuse version 10.3? Yes. I know I can find out. But please don't tell me
where to stuff it.
What it means is that root on a machine that connects to the network can
fake any user while connecting to the nfs server. Meaning, for example,
that a guest with a laptop, if allowed to connect to the network, could
gain access to any dir exported by nfs - at least with previous NFS
versions. Which version do you have? Do 'cat /proc/fs/nfsd/versions', for
instance. Or try 'nfsstat'.
But I'm not allowed to write here, so please ignore me. :-P
- --
Cheers,
Carlos E. R.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)
iD8DBQFHbrT5tTMYHG2NR9URAiHoAJ98jlm/jUgspIUh021yuuFnUCMiEwCeJS4Q
6xbVVYyTfTaxofjadmVw1Cw=
=gmiD
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
