On Wed, 2009-08-26 at 19:31 -0300, Carlos Andr=C3=A9 wrote:
> Wang,
>=20
> I know about "normal NFS" security issues... old times... "trust on
> host"... -_-'
> But I thought that this problem never happen using NFSv4+Kerberos5. I=
n
> resume, it's more secure then only NFS (without Kerberos), but still
> have alot of serious security problems...
This discussion keeps coming up, over and over again because people kee=
p
misunderstanding the Linux/*NIX security model.
The real issue is that a user with root privileges has a million ways o=
f
sniffing your passwords (e.g. as you type them in), reading your cached
data (e.g. /dev/kmem), or hijacking your processes (e.g. a /bin/ls
trojan). There is _nothing_ NFS can do to protect you against a
compromised root account.
Schemes like David Howells' keyrings can help against one or two of
these attacks, but cannot eliminate them all.
IOW: The problem isn't NFS. The exact same attacks can be used against
ssh, cifs, and all the other 'secure' protocols.
All Krb5 does is to make you safe against unprivileged users
impersonating you, and to make you safe against network packet sniffing
and spoofing.
Trond