[3025] in bugtraq
Re: bin owned system files
daemon@ATHENA.MIT.EDU (Gene Spafford)
Fri Jul 26 12:45:36 1996
Date: Fri, 26 Jul 1996 10:00:07 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Gene Spafford <spaf@cs.purdue.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <"2336*hilchey@ucs.ubc.ca"@MHS>
At 11:43 AM -0500 7/25/96, Paul Hilchey wrote in "Re: bin owned system files":
> > Using secure NFS or Kerberos helps, but those have drawbacks, too. The
> > best policy is to be very careful with NFS and ownership.
>
> No, the best policy is to be very careful with NFS exports.
Isn't that what I said? To be careful with NFS?
>
> The default behaviour of denying root privileges to NFS clients is a quirky
> feature that seldom buys you any real security. Although one can contrive
> situations in which it helps, it isn't an effective approach to making NFS
> secure. Spafford gives an example where /etc is exported read-write to
> non-trusted clients. This is not realistic, since no one in their right
> mind would do that! If you export /etc at all, it should be exported
> read-only.
If you re-read what I wrote, you will see that I didn't say anything about
exporting /etc. I gave /bin as an example, which is often exported to
provide diskless clients with access to the commands. And, contrary to
your remarks, /etc is commonly exported by people in their right minds!
Often, to make things simple, people will export their entire / partition,
which includes /etc. Of course that is dangerous, but the problem here is
one of user ignorance more than anything else.
>
> If you are concerned about root inadvertently running a tampered program,
> your root path should not include directories that are exported read-write.
True. However, knowing what is really in root's path is not always simple.
For instance, the libraries in /usr/lib may be in the path if shared
libraries are in use, even if they are never executed directly. Also,
exporting directories with configuration files (I gave inetd.conf as an
example -- there are many more) is dangerous.
Importing NFS directories without due care can also be dangerous, but
that's not on this topic. It is also why I said NFS must be used with
care, rather than saying "export" only.
--spaf
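
The check discussed in this thread (which directories that root relies on sit under a read-write export), as an added example that is not part of the original message. It assumes Linux exports(5) syntax, which the thread does not specify; the sample exports, host names and function names are constructed for illustration.

```python
import posixpath

# Constructed sample in Linux exports(5) syntax (an assumption; the thread
# names no export format). "/home (rw)" is a bare option group: everyone.
SAMPLE_EXPORTS = """\
/bin        client1(rw) client2(ro)
/usr/lib    *.example.org(rw,no_root_squash)
/etc        trusted.example.org(ro)
/home       (rw)
"""

def parse_exports(text):
    """Return {export_dir: [(client, set_of_options), ...]}."""
    exports = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        entries = []
        for c in clients:
            host, _, rest = c.partition("(")
            opts = set(filter(None, rest.rstrip(")").split(",")))
            entries.append((host or "*", opts))
        exports[posixpath.normpath(path)] = entries
    return exports

def writable_exports_covering(directory, exports):
    """List (export, client, root_kept) for rw exports containing directory."""
    d = posixpath.normpath(directory)
    hits = []
    for exp, entries in exports.items():
        prefix = exp if exp.endswith("/") else exp + "/"
        if d == exp or d.startswith(prefix):
            for host, opts in entries:
                if "rw" in opts:  # exports(5) default is read-only
                    hits.append((exp, host, "no_root_squash" in opts))
    return hits

def audit(search_dirs, exports_text):
    """Map each directory root relies on to the rw exports that contain it."""
    exports = parse_exports(exports_text)
    report = {d: writable_exports_covering(d, exports) for d in search_dirs}
    return {d: hits for d, hits in report.items() if hits}

if __name__ == "__main__":
    # Root's PATH plus the shared-library directory the message mentions.
    dirs = "/bin:/usr/bin:/sbin".split(":") + ["/usr/lib"]
    for d, hits in audit(dirs, SAMPLE_EXPORTS).items():
        print(d, hits)
```

The list passed to `audit` should include shared-library and configuration directories as well as PATH entries, since the message points out that these are relied on without being executed directly.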