LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page is there a solution to this NIS/NFS UID security problem
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 12-13-2008, 08:01 PM   #1
leedude
Member
 
Registered: Jan 2007
Location: Scotland
Distribution: Fedora, Debian
Posts: 81

Rep: Reputation: 15
is there a solution to this NIS/NFS UID security problem

hi, i have been doing reading on NIS and NFS(central-user-accounts).
i noticed what appears to be a gaping problem.
i am hardly a unix network admin, this is all fairly new to me.

an example scenario:

a server is running NIS with it's /home dir shared over NFS to be automounted by all client machines so it can 'replace' the client's /home.

each user in the server's /etc/passwd file has a home directory in the server's NFS-shared /home dir, with permissions of each dir set up accordingly.

say, on the server, user bob has a UID of 501.

now, what if somebody brings another machine into the network(a laptop, maybe), and creates a LOCAL user account with a UID of 501. they then connect to the network, and mount the /home share.
logged in as the new user account, they would be able to access bob's files, because the exported filesystem still works on UIDs for determining file/folder access rights, and the new account shares bob's UID.
also, it's pretty easy to get a server to spit out bob's UID:
Code:
ypmatch bob passwd
it seems like a hell of a lot of control is being given to the client machines here.

is this a real vulnerability, or am I missing something?

Lee.
Last edited by leedude; 12-13-2008 at 08:04 PM.
 
Old 12-15-2008, 05:58 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682Reputation: 682
Look in the manpage for nfs. There is a section called "Security Considerations" which list your options for nfs3 and nfs4.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
RHEL3 NIS client not updating with user's new UID rtla50 Linux - General 0 09-15-2006 05:54 PM
Is NFS the solution to my problem? funkymunky Linux - Networking 4 03-24-2005 11:49 AM
Mounting NFS Shares ... UID Problem Riddick Linux - Software 1 01-06-2005 09:48 AM
UID Mapping for NFS without NIS jgombos Linux - Networking 1 07-27-2003 06:52 PM
problem logging in local users - nis,nfs synfield Linux - Networking 3 04-05-2003 09:04 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:04 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration