RE: [seul-edu] Alternatives to NIS
OK, let me elaborate. You build up a NIS domain with a bunch of machines
that YOU control.

Someone outside of your control plugs into your network with a Linux
machine, plugs into your NIS domain, and then "su"s to any account in the NIS
domain. Yet you don't have root on their machine. In the meantime your intruder
can get any files from anyone he wants.

From: David Woodhouse [mailto:firstname.lastname@example.org]
Sent: Monday, October 23, 2000 12:17 PM
Subject: Re: [seul-edu] Alternatives to NIS

> MAJOR security hole - anyone with any UNIX machine that has root
> access to that machine can become any NIS user without the need for a
> password. This is one of the many reasons that I hate NIS.

Could you be more specific? Anyone with any UNIX machine that has root
access to that machine can become _any_ user, period.

Being able to become any user on the machine you've already cracked is
normal. Being able to access any of that user's files on the NFS server is
also normal - but that's an NFS problem, not NIS.
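
Added example, not part of the original thread: a server-side audit that lists which exports accept AUTH_SYS, the NFS mode in which the server believes whatever UID the client sends, which is the exposure both posters describe. It assumes Linux `exports(5)` syntax; the sample file contents, host names and the function names are constructed for illustration.

```python
import re

# Constructed sample /etc/exports content (not from the original thread).
SAMPLE_EXPORTS = """\
# home directories shared to the whole lab subnet
/home        192.168.1.0/24(rw,root_squash)
/srv/secure  *.example.org(rw,sec=krb5p)
/srv/mixed   -sec=krb5i trusted.example.org \\
             10.0.0.0/8(rw,sec=sys:krb5)
"""

def sec_flavors(opts):
    """Collect every flavor named by sec= options in a comma-separated list."""
    return {f for o in opts.split(",") if o.startswith("sec=")
            for f in o[4:].split(":")}

def uid_trusting_exports(text):
    """Return (path, client) pairs whose export accepts AUTH_SYS.

    With AUTH_SYS (sec=sys, the default when no sec= is given) the server
    trusts the UID in each request, so root on any permitted client can act
    as any user. root_squash does not help: it only remaps UID 0.
    """
    findings = []
    joined = re.sub(r"\\\n", " ", text)        # join backslash-continued lines
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        default_opts = ""
        for spec in specs:
            if spec.startswith("-"):           # "-opts": defaults for later clients
                default_opts = spec[1:]
                continue
            m = re.fullmatch(r"([^()]*)(?:\((.*)\))?", spec)
            if not m:                          # malformed entry, skip it
                continue
            client = m.group(1) or "*"         # bare "(opts)" means any host
            # Simplification (assumption): a client's own sec= replaces the default.
            flavors = (sec_flavors(m.group(2) or "")
                       or sec_flavors(default_opts) or {"sys"})
            if "sys" in flavors:
                findings.append((path, client))
    return findings

if __name__ == "__main__":
    for path, client in uid_trusting_exports(SAMPLE_EXPORTS):
        print(f"{path} -> {client}: server trusts client-supplied UIDs (AUTH_SYS)")
```
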