SUMMARY: SU to any user as root

From: Andrew Watkins (andrew@dcs.bbk.ac.uk)
Date: Thu Sep 19 1996 - 11:06:03 CDT


Hello,

My question was:

> We all know the security problems of a Root user
> on any workstation su'ing to another user on your
> network and accessing their files (or by adding
> entries to /etc/passwd)
> But I thought that moving to NIS+ would block this security
> hole. Is this correct?

Well I had a mixture of answers and it is unclear if it can be solved.
I have tried using NIS+ and secureNFS, but without any luck, which is
what one person suggested. But it may be I was doing it incorrectly.
I will try again at a later date.

It looks like Kerberos is the correct answer, but without the software and
Kerberos application I cannot try it.

It was also suggested that I should use "sudo" and not give the Root
password to anyone, but this is not the point, plus in a University
it is impossible [The people who have obtained the money want complete
control of that machine and also want to be connected to the network for NFS].

All I have to say is that if you are automounting home directories to
all workstations, your users' files are in danger from a root attack
if someone breaks in!!

I guess the solution is that you must make sure ALL workstations
are completely secure and not just your servers.

Thanks to all who replied:

TECNSS@access-health.com
dsf@interpath.com
mrs@cadem.mc.xerox.com
Daniel.Blander@ACSacs.Com
asim@psa.pencom.com
swdeutsch@ucdavis.edu
jim@telecnnct.com
kevin@uniq.com.au
fxl@pulse.itd.uts.edu.au
cscmfung@comp.polyu.edu.hk
tkld@cogsci.edinburgh.ac.uk
john@oncology.uthscsa.edu

Cheers

Andrew Watkins


