[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [seul-edu] Alternatives to NIS

To: "'seul-edu@seul.org'" <seul-edu@seul.org>
Subject: RE: [seul-edu] Alternatives to NIS
From: Chris Hedemark <hedemark@bops.com>
Date: Mon, 23 Oct 2000 14:06:14 -0400
Delivery-Date: Mon, 23 Oct 2000 14:07:24 -0400
Reply-To: seul-edu@seul.org
Sender: owner-seul-edu@seul.org

OK let me elaborate.  You build up a NIS domain with a bunch of machines
that YOU control.

Someone outside of your control plugs into your network with a Linux
machine, plugs into your NIS domain, and then "su" to any account in the NIS
domain.  Yet you don't have root to their machine.  Meantime your intruder
can get any files from anyone he wants.

-----Original Message-----
From: David Woodhouse [mailto:dwmw2@infradead.org]
Sent: Monday, October 23, 2000 12:17 PM
To: seul-edu@seul.org
Subject: Re: [seul-edu] Alternatives to NIS 



hedemark@bops.com said:
>  MAJOR security hole - anyone with any UNIX machine that has root
> access to that machine can become any NIS user without the need for a
> password.  This is one of the many reasons that I hate NIS.

Could you be more specific? Anyone with any UNIX machine that has root 
access to that machine can become _any_ user, period. 

Being able to become any user on the machine you've already cracked is 
normal. Being able to access any of that user's files on the NFS server is 
also normal - but that's an NFS problem, not NIS.


--
dwmw2

Prev by Date: Re: [seul-edu] Alternatives to NIS
Next by Date: [seul-edu] vsep
Prev by thread: Re: [seul-edu] Alternatives to NIS
Next by thread: Re: [seul-edu] Alternatives to NIS
Index(es):
- Date
- Thread