A security flaw question. (akonstam at trinity.edu)

James T. Carver jtcarver at skinartz.com
Sun Jun 5 01:06:15 UTC 2005


On Saturday 04 June 2005 04:48 pm, fedora-list-request at redhat.com wrote:
> Message: 5
> Date: Sat, 4 Jun 2005 15:35:31 -0500
> From: akonstam at trinity.edu
> Subject: A security flaw question.
> To: Fedora-List <fedora-list at redhat.com>
> Message-ID: <20050604203531.GA6998 at Moof.cs.trinity.edu>
> Content-Type: text/plain; charset=us-ascii
>
> I have a security question for the group. We have ~50 Linux machines
> that are NIS clients of our server. The idea as you know is that any
> of our students can log in to any of the machines and have the same
> home directory and the same passwd.
>

This would only happen if you have given all the students the same user
account and password, which is a bad idea from the start.  Each student should
have their own user account and password, which would give each student their
own home directory.

> Ok, now the question. I have been hearing from people about security
> flaws. Well, what about this. A number of our faculty have set up
> their personal machines as NIS clients. It makes it easier to get to
> their class related files. My feeling is this is a tremendous security
> hole, since a first important step in hacking a machine might be logging in
> to the machine. Making faculty personal machines NIS clients
> means that any of the 1000 or so students can log in to the faculty
> machine. Does anyone else think that this is a bad idea, or am I
> confused?
> --
>
> =======================================================================
> Life only demands from you the strength you possess.
> Only one feat is possible -- not to have run away.
>                 -- Dag Hammarskjold
> -------------------------------------------
> Aaron Konstam
> Computer Science
> Trinity University
> telephone: (210)-999-7484

It is only a security hole "if" the teacher remains logged in while away from
their machine. If so, anyone could use the machine and would be logged in as
the instructor. If the instructor logs out, then the students would not have
access to the computer. To prevent this you could have the computer log them
out after a certain time out and stress to the instructors that for security
it is important for them to log out of their machine.

James Carver