Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!ucbvax!decwrl!decvax!eagle_snax!geoff
From: geoff@eagle_snax.UUCP ( R.H. coast near the top)
Newsgroups: comp.unix.wizards
Subject: Re: NFS Security: a summary
Summary: oh yeah?
Message-ID: <350@eagle_snax.UUCP>
Date: 12 Sep 88 00:32:11 GMT
References: <153@leibniz.UUCP> <43200038@uicsrd.csrd.uiuc.edu> <13457@mimsy.UUCP> <3e5d8f8f.13422@apollo.COM>
Lines: 28

In article <3e5d8f8f.13422@apollo.COM>, mishkin@apollo.COM (Nathaniel Mishkin) writes:
> Not even to mention an IBM PC that supports UDP/IP.  Bring up SUN RPC
> and start making those NFS requests with the uid of your choice.  Even
> simpler, you could just start with PC/NFS.

C'mon, Nat, I'll buy you a Samuel Smith's ale if you can correctly
patch all of the PC-NFS internal data structures to do this. The only
reasonable way of breaking it would be to run a rogue PCNFSD somewhere,
which (once again) assumes super-user access on some system.

When people point out the lack of security in the current generation of
distributed architectures, I usually reply that the mechanisms are
there to stop people from making fools of themselves (e.g. inadvertently
deleting a colleague's file, or maybe an OS file) or from stumbling
across material they shouldn't see. In most of the companies we work
for, the real security is on the periphery of the building, network,
whatever: inside the shell we usually make the convenience/security
trade-off in favor of convenience. Fortunately personal idiosyncrasy
and love of complexity provide a second line of defense through
intimidation...

> Ah, what a fool's paradise we're all living in.

Just focus on the "paradise" bit :-)

> -- Nat Mishkin

--
Geoff Arnold, Sun Microsystems Inc.+------------------------------------------+
PC Distrib. Sys. (home of PC-NFS)  |If you do nothing, you will automatically |
UUCP:{hplabs,decwrl...}!sun!garnold|receive our Disclaimer of the Month choice|
ARPA:geoff@sun.com                 +------------------------------------------+