Path: utzoo!utgpu!watserv1!watmath!att!linac!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!caen!spool.mu.edu!olivea!mintaka!spdcc!rbraun
From: rbraun@spdcc.COM (Rich Braun)
Newsgroups: comp.protocols.nfs
Subject: Re: group permissions when root
Message-ID: <7958@spdcc.SPDCC.COM>
Date: 19 Jun 91 17:15:13 GMT
References: <15008@exodus.Eng.Sun.COM> <6720@eastapps.East.Sun.COM> <4978@skye.ed.ac.uk>
Organization: Kronos Inc., Waltham, Mass.
Lines: 16

geoff@east.sun.com (Geoff Arnold @ Sun BOS - R.H. coast near the top) writes:
>>If you don't trust the root uid, why would you trust a
>>gid that the root might have given him/herself?

richard@aiai.UUCP (Richard Tobin) writes:
>For the same reason that you trust a non-root uid that root gives
>itself.

You're overlooking one thing:  if you have two systems A and B, and
a root user on B su's to some other uid, he now has access to files on
system A under that new uid.  Yet system A didn't grant the access.
This is a security hole under all Unix NFS implementations, as far
as I know.  It means people can't be given the root password to their
own office workstations!

-rich