>>>>> " " == Alexander Viro <viro@math.psu.edu> writes:
> Let me get it straight - you are talking about dumb users who
> 1) do r/w NFS exports on potentially hostile network
> 2) don't squash root or have world-writable /etc/passwd.
> And I thought that I was cynical...
One word: NFSroot
> Linux on their boxen at home, so it's hardly an issue. If they
> are pulling unauthorised stuff like that in the $ORKPLACE -
> well, YMMV, but I would break their fingers for such
> attempts. Bone after bone. Slowly. With rubber mallet. And if
> they are admins - sorry, with that level of cluelessness NFS
> will be the least of their problems.
It's an unfortunate consequence of the "world domination" game some
people are advocating.
Your same argument applies to people who open email attachments with
subject 'I Love You'. Do you really have the spare time and
inclination to pursue them all with your mallet?
> IOW, what additional security does it buy you? If you don't
None whatsoever assuming your admin has a clue. Failing that, we
should try to protect the poor git from him/herself as best possible.
I'll bet you can easily find 'experts' who'd see nothing wrong with
the example of the (ro)/(rw) export issue. In fact I have an example
of a commercial UNIX implementation that uses a similar construct in
their manpage example of 'good security'.
Cheers,
Trond
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Jun 15 2000 - 21:00:36 EST