Path: utzoo!attcan!uunet!snorkelwacker!apple!sun-barr!newstop!sun!stpeter.Eng.Sun.COM!cmcmanis From: cmcmanis@stpeter.Eng.Sun.COM (Chuck McManis) Newsgroups: alt.hackers Subject: Re: Execute only files on Novell Message-ID: <136935@sun.Eng.Sun.COM> Date: 8 Jun 90 21:19:54 GMT References: <445@ria.ccs.uwo.ca> <224@rossignol.Princeton.EDU> Sender: news@sun.Eng.Sun.COM Organization: Sun Microsystems, Mt. View, Ca. Lines: 25 Approved: news@sun [This probably won't work.] In article <224@rossignol.Princeton.EDU> (Tom Reingold) writes: >I have read that the same problem exists in NFS. Superuser must have >read access to a file in order to load it into memory, at least in >theory. So to execute a file, you have to "copy" it into memory. If >Superuser on a machine can read it, how are you going to prevent Joe >User from having less access than Superuser if the authentication is >done on the network? Well there are things call privledged ports that can be used sometimes to psuedo-authenticate people, and there is of course "Secure NFS" which uses a public key scheme, and finally there is "Kerberized NFS" which uses Kerberos. The main point being that you are correct in your assertion that presumed authorization by network existence is fatally flawed but _NFS_ per se doesn't know anything about authorization, that is part of the implementation not the design/architecture. UFS doesn't know about authorization either, it counts on the kernel implementation to deny you access when you don't have permission. -- --Chuck McManis Sun Microsystems uucp: {anywhere}!sun!cmcmanis BIX: Internet: cmcmanis@Eng.Sun.COM These opinions are my own and no one elses, but you knew that didn't you. "I tell you this parrot is bleeding deceased!"