Path: utzoo!attcan!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!zaphod.mps.ohio-state.edu!rpi!uupsi!sunic!kullmar!pkmab!ske
From: ske@pkmab.se (Kristoffer Eriksson)
Newsgroups: comp.unix.internals
Subject: Re: Complex security mechanism is unsecure (was Re: non-superuser chown(2)s considered harmful)
Message-ID: <4649@pkmab.se>
Date: 17 Dec 90 22:40:19 GMT
References: <1990Dec7.171501.18028@mp.cs.niu.edu> <4627@pkmab.se> <4088@osc.COM>
Organization: Peridot Konsult i Mellansverige AB, Oerebro, Sweden
Lines: 15

In article <4088@osc.COM> strick@osc.com (henry strickland) writes:
>In article <4627@pkmab.se> ske@pkmab.se (Kristoffer Eriksson) writes:
 >>But that is fairly easy to prevent for a non-user account. Just make it
 >>impossible to login to that account.
 >
 >Nope.  In a great many NFS networks today it's not too hard to find one
 >workstation on which you can make yourself root.

I thought we already new that NFS was a horrid mess as regards to security.
Fix NFS! (Or throw it out) Don't throw out good security features.

-- 
Kristoffer Eriksson, Peridot Konsult AB, Hagagatan 6, S-703 40 Oerebro, Sweden
Phone: +46 19-13 03 60  !  e-mail: ske@pkmab.se
Fax:   +46 19-11 51 03  !  or ...!{uunet,mcsun}!sunic.sunet.se!kullmar!pkmab!ske