
Re: fonts, autofs and things

> Date: Fri, 11 Jun 1999 17:50:06 -0400 (EDT)
> From: Donovan Rebbechi <elflord@pegasus.rutgers.edu>
> On Fri, 11 Jun 1999, JF Martinez wrote:
> > so I commented it out.  If consensus is I was wrong I will keep
> > automounting of floppies.
> Not such a bad idea. 
> > By the way I am astonished how unsecure is the autofs default file in
> > RedHat.  If you start it (by default it is not and I fixed this) then
> > every rascal can insert a floppy containing setuid programs or dev
> > files and destroy your box in seconds or install a backdoor in your
> > box.
> Your box is at the mercy of anyone with physical access. Several times,
> I've had downtime because some idiot turned my box off, despite that I had

Put an armed guard near your box.  :-)

> a note on it saying not to do this.

I know it. I very often ironized about the denial of service attack
consisting in using an axe on a computer.  But far worse is the sneaky
attack like planting a program that periodically corrupts your data,
kills a vital daemon, or stops your box.  And if you have a password in
your BIOS, one in LILO, you don't allow booting of a floppy or CD, and
you are the only one knowing the root password then the only way to
plant a program in your box is unsecure mounts or automounts.

> -- Donovan
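
The concern raised above (removable media automounted with setuid programs and device files honoured) can be checked by auditing an autofs map for entries where `nosuid` and `nodev` are not in effect. This is an added example, not part of the original thread; the map below is constructed, and the parser assumes the usual `key [-options] location` line layout with no line continuations.

```python
# Each required option and the opposite option that would cancel it.
REQUIRED = {"nosuid": "suid", "nodev": "dev"}

def parse_map(text):
    """Yield (key, options, location) for each entry of an autofs map."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("+"):  # blank, comment, or included map
            continue
        fields = line.split()
        key, rest = fields[0], fields[1:]
        options = []
        if rest and rest[0].startswith("-"):  # optional "-opt1,opt2" field
            options = rest[0][1:].split(",")
            rest = rest[1:]
        yield key, options, " ".join(rest)

def missing_hardening(options):
    """Return the required options not in effect (the last of a pair wins)."""
    missing = []
    for wanted, opposite in REQUIRED.items():
        state = None
        for opt in options:
            if opt in (wanted, opposite):
                state = opt  # a later suid/dev overrides an earlier nosuid/nodev
        if state != wanted:
            missing.append(wanted)
    return missing

def audit(text):
    """Map each entry key to the hardening options it still needs."""
    return {key: miss for key, opts, _ in parse_map(text)
            if (miss := missing_hardening(opts))}

# Constructed sample map, not any distribution's shipped file.
SAMPLE_MAP = """\
floppy   -fstype=auto                      :/dev/fd0
cd       -fstype=iso9660,ro,nosuid,nodev   :/dev/cdrom
zip      -fstype=ext2,nosuid,nodev,suid    :/dev/sda4
usb      :/dev/sdb1
"""

if __name__ == "__main__":
    for key, miss in audit(SAMPLE_MAP).items():
        print(f"{key}: add {','.join(miss)}")
```
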