From: Trond Myklebust <trond.myklebust@fys.uio.no>
To: "Carlos André" <candrecn@gmail.com>
Cc: le wang <lewang2000@gmail.com>,
Ondrej Valousek <webserv-K2D8ygZuxnnrBKCeMvbIDA@public.gmane.org>,
NFS list <linux-nfs@vger.kernel.org>,
Linux NFSv4 mailing list <nfsv4@linux-nfs.org>
Subject: Re: Kerberos+NFSv4: Security - Multiple sessions with same user. One ticket for all?
Date: Wed, 26 Aug 2009 18:56:54 -0400
Message-ID: <1251327414.5226.98.camel@heimdal.trondhjem.org>
In-Reply-To: <f6ce31e30908261531m1ce99cd8m9ddde6269f0e536f-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
On Wed, 2009-08-26 at 19:31 -0300, Carlos André wrote:
> Wang,
>
> I know about "normal NFS" security issues... old times... "trust on
> host"... -_-'
> But I thought that this problem never happens using NFSv4+Kerberos5. In
> resume, it's more secure than only NFS (without Kerberos), but it still
> has a lot of serious security problems...
This discussion keeps coming up, over and over again because people keep
misunderstanding the Linux/*NIX security model.
The real issue is that a user with root privileges has a million ways of
sniffing your passwords (e.g. as you type them in), reading your cached
data (e.g. /dev/kmem), or hijacking your processes (e.g. a /bin/ls
trojan). There is _nothing_ NFS can do to protect you against a
compromised root account.
Schemes like David Howells' keyrings can help against one or two of
these attacks, but cannot eliminate them all.
IOW: The problem isn't NFS. The exact same attacks can be used against
ssh, cifs, and all the other 'secure' protocols.
All Krb5 does is to make you safe against unprivileged users
impersonating you, and to make you safe against network packet sniffing
and spoofing.
Trond