FC5, Firefox, NFS /home

Les Mikesell lesmikesell at gmail.com
Tue Jun 20 17:20:18 UTC 2006

On Tue, 2006-06-20 at 16:51 +0200, Ralf Corsepius wrote:

> > > IMO, NFS/NIS are perfectly suitable for use inside of a LAN. Of cause
> > > these services impose a certain level on insecurity, but at a certain
> > > point paranoia has to stop and trust has to start.
> > 
> > NFS allows anyone who can become root on any machine allowed to
> > access it (perhaps by booting a Knoppix CD...) to mount and access
> > anything.  Even if you don't permit root access, anyone who is
> > root locally can pretend to be anyone else.
> And where is the problem? Anyone with physical access to a box, can
> become root anywhere.

That *is* the problem.  Your server may be in a secure room, but
anything shared via NFS is open to anyone with physical access
to any box on the network - or within wireless range if you have
a wireless LAN. 
  Les Mikesell
   lesmikesell at gmail.com

More information about the users mailing list