misc/61774: nis security issue

Matthew West mwest at uct.ac.za
Thu Jan 29 08:03:11 PST 2004


Using exports(5)'s maproot option doesn't prevent a user on an NFS
client from becoming root, and then using "su" to become another user
and access that user's files.

A solution to this problem is to use Kerberos tickets instead of Unix
user credentials.  Unfortunately, FreeBSD does not currently have a
Kerberised NFS implementation.

You could try using something other than NFS to allow clients access
to their files; likely candidates are Coda, AFS and SFS.

SFS (http://www.fs.net/ - ports/security/sfs) is probably the easiest
to get going with, as you don't need to have a pre-existing Kerberos
infrastructure to use it.
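
The limitation described in this message, sketched as an added example that is not part of the original post and is not FreeBSD's nfsd code: a simplified model of a server that trusts the uid sent by the client and applies maproot only to uid 0. The uids, the file mode and the names `effective_uid`, `may_read` and `demo` are assumptions made for illustration.

```python
# Simplified model of an NFS server's handling of Unix user credentials.
# Constructed for illustration; all uids and the file below are sample values.
from dataclasses import dataclass

NOBODY = 65534  # assumed uid that maproot maps client root to in this example


@dataclass(frozen=True)
class Inode:
    owner: int
    group: int
    mode: int  # Unix permission bits, e.g. 0o600


def effective_uid(claimed_uid, maproot=NOBODY):
    """maproot rewrites only uid 0; any other claimed uid is accepted as sent."""
    return maproot if claimed_uid == 0 else claimed_uid


def may_read(inode, claimed_uid, claimed_gids=(), maproot=NOBODY):
    """Server-side read check using only the uid/gids the client claims."""
    uid = effective_uid(claimed_uid, maproot)
    if uid == 0:
        return True
    if uid == inode.owner:
        return bool(inode.mode & 0o400)
    if inode.group in claimed_gids:
        return bool(inode.mode & 0o040)
    return bool(inode.mode & 0o004)


ALICE = 1001  # constructed sample user
alice_file = Inode(owner=ALICE, group=ALICE, mode=0o600)


def demo():
    """Return the server's decision for three requests against alice_file."""
    return {
        "request sent as uid 0": may_read(alice_file, 0),
        "request sent as uid 1001": may_read(alice_file, ALICE),
        "request sent as uid 1002": may_read(alice_file, 1002),
    }


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{request}: {'allowed' if allowed else 'denied'}")
```

The server cannot tell whether uid 1001 was sent by the real account holder or by a process that the client's root switched to that uid, which is why the message points to ticket-based credentials instead.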

